Cozmus is a FINTRAC-registered MSB providing centralized financial infrastructure — from remittances and IBAN accounts to foreign exchange, crypto services, and multi-industry payment processing.
Our core banking platform manages client onboarding, transaction processing, account management, compliance monitoring, and settlement across multiple financial products.
Domestic and international money transfer services for retail and corporate customers. Cross-border payments via correspondent banking networks and remittance partners globally.
Virtual and dedicated IBAN accounts for customers to hold and transfer funds. Support for incoming and outgoing ACH, SEPA, SWIFT wire transfers, and domestic rails.
Real-time foreign exchange services with spot transactions, multi-currency wallet conversions, and automated FX during cross-border payments.
Digital asset services including wallet management, blockchain transfers, buy/sell execution, and fiat-to-crypto conversion with full compliance monitoring.
End-to-end card and alternative payment processing for merchants across all risk levels. Smart routing, fraud prevention, and multi-acquirer infrastructure.
Secure digital interfaces for customers with real-time balances, transaction history, internal transfers, multi-currency views, and role-based access controls.
Cozmus operates under SimplePay Finance Corp. — a FINTRAC-registered Money Services Business.
Our MSB registration authorizes the full spectrum of money services:
Integrated across all services — every transaction passes through our multi-layered compliance infrastructure.
Identity verification, document checks, beneficial ownership screening.
Real-time transaction monitoring, pattern detection, velocity checks.
OFAC, UN, EU, Canadian OSFI list screening on every transaction.
AI-powered scoring, device fingerprinting, custom rule engines.
Bank-grade encryption, tokenization, annual QSA audits.
Automated STR filing with FINTRAC, full audit trails.
Role-based permissions, MFA, least privilege, access reviews.
Wallet screening, transaction tracing, risk scoring.
From high-risk verticals to mainstream commerce — supported by our banking relationships.
Streamlined onboarding for merchants, remittance partners, and financial institutions.
Submit business details, service requirements, and volumes.
Thorough due diligence and risk assessment.
REST API, hosted pages, or pre-built plugins.
Real-time dashboards and dedicated support.
50+ currencies with real-time FX, instant conversion, and settlement.
PCI DSS Level 1, AES-256, tokenization, 3DS2, TLS 1.3.
Intelligent routing across acquirers and payment rails.
Live dashboards, monitoring, alerts, and reports.
AI detection, custom rules, velocity checks, sanctions screening.
RESTful APIs, webhooks, SDKs, secure banking integrations.
Whether you need remittance infrastructure, IBAN accounts, FX services, or merchant processing — we have the platform and licenses to support you.
Cozmus, operated by SimplePay Finance Corp. (MSB Reg. C100000874), maintains rigorous AML/KYC procedures in compliance with PCMLTFA and FINTRAC regulations.
All customers undergo identity verification (government ID, proof of address), business verification (incorporation docs, beneficial ownership), risk assessment, and Enhanced Due Diligence for high-risk profiles including PEPs.
Continuous transaction monitoring with pattern detection, velocity checks, geographic anomaly detection, and behavioral analysis. All flagged transactions reviewed within 24 hours.
STRs filed with FINTRAC when reasonable grounds exist. Staff trained to identify red flags including unusual patterns, structuring, and inconsistent activity.
All customers screened against OFAC SDN, UN Security Council, EU Consolidated, and Canadian OSFI lists at onboarding and on ongoing basis.
All KYC/AML records retained for minimum 5 years per PCMLTFA requirements.
Designated Compliance Officer oversees the entire AML/KYC program and serves as primary FINTRAC contact.
By using Cozmus services you agree to these terms. Services include payment processing, remittance, IBAN accounts, FX, and digital asset services.
Users must be legally registered entities, complete KYC/AML verification, maintain valid business licenses, and comply with applicable regulations.
Illegal activities, sanctioned persons/countries, fraud, counterfeit goods, unlicensed financial services, and card network rule violations are strictly prohibited.
Outlined in individual agreements. 30 days notice for changes. Settlement may be delayed for suspected fraud or compliance violations.
Merchants bear liability. Ratios above 1% may trigger review, reserves, or termination.
30 days written notice by either party. Immediate suspension for violations.
Laws of British Columbia, Canada. Disputes resolved through arbitration in Vancouver, BC.
Identity: Name, DOB, government ID. Business: Company details, ownership. Financial: Bank details, transactions. Technical: IP, browser, device info.
Service delivery, KYC/AML compliance, fraud prevention, service improvement, communications, and legal obligations.
Shared with acquiring banks, card networks, regulators (FINTRAC), and fraud prevention services as required. We do not sell data for marketing.
PCI DSS Level 1, AES-256 encryption, TLS 1.3, MFA, regular audits and penetration testing.
KYC/AML records retained minimum 5 years after account closure per PCMLTFA.
Access, correction, deletion (subject to legal retention), objection, and data portability depending on jurisdiction.
Small text files stored on your device to improve experience and maintain security.
Essential: Session, authentication, security — cannot be disabled. Analytics: Aggregated usage data. Functional: Language and display preferences. Security: Fraud detection and system integrity.
Google Analytics, Cloudflare, and payment verification services may set their own cookies.
Control via browser settings or our consent banner. Blocking essential cookies may impair functionality.
Highest payment security certification, validated annually by QSA with quarterly network scans.
AES-256 at rest, TLS 1.3 in transit. Card data tokenized immediately — raw numbers never stored.
Redundant data centers, DDoS protection, WAF, IDS/IPS, real-time monitoring, automated vulnerability scanning.
RBAC, MFA for all systems, regular reviews, principle of least privilege.
Containment within 4 hours, notification within 72 hours, full remediation and post-incident analysis.
99.7% uptime target, auto failover, real-time replication, regular DR testing.