Product • Compliance Starter Pack
Compliance Starter Pack: implementable AML/KYC + governance controls that survive banking and partner scrutiny.
Many teams have “policies”, but they don’t match real onboarding flows, risk profile, vendors or responsibilities.
Banks, PSPs, auditors and regulated counterparties look for consistency: who does what, how risks are assessed,
how alerts are handled, and where evidence is stored. This pack builds a minimum viable compliance system — not templates.
Outcome: a coherent compliance baseline your team can execute and explain to counterparties.
Core: AML / KYC Policy
Core: Onboarding Procedures
Core: Compliance Manual
Core: Risk Framework
Core: BCP
Best fit for this pack
- Crypto/Web3 teams onboarding users globally.
- Fintech platforms with payments or fiat rails.
- Projects preparing for banking or PSP onboarding.
- Businesses preparing for licensing or audits.
Often paired with Website Legal Pack and
Company Setup Pack.
Why compliance fails
What this pack fixes (common “template problems”)
Most issues are not about having zero documents — but about mismatch between documents and real operations.
Mismatch
Policies don’t match flows
Onboarding and monitoring are described, but not executable.
- No clear CDD/EDD decision logic.
- No risk scoring tied to user types.
- Unclear sanctions/PEP workflow.
- No evidence trail or retention logic.
Counterparties see this instantly.
Roles
Nobody “owns” compliance
Responsibilities and approvals are not defined.
- No escalation workflow or approvals matrix.
- No alert handling responsibilities.
- No periodic review process.
- No reporting cadence to management.
Leads to failures during audits and DD.
Operational
No continuity or incident plan
Outages, incidents and vendor risks are not addressed.
- No business continuity plan baseline.
- No outsourcing/vendor controls.
- No recordkeeping framework.
- No risk framework for change management.
Banks and partners often require this.
Deliverables
What Compliance Starter Pack includes
Minimum viable compliance documentation + procedures aligned to your actual onboarding and risk profile.
Core
AML / KYC Policy
Risk-based framework aligned to your users and geographies.
- CDD/EDD rules and triggers.
- Client risk scoring approach.
- SOF/SOW evidence baseline (if needed).
- Sanctions/PEP/adverse media controls.
Built for practical execution, not “paper compliance”.
Core
Onboarding procedures (SOPs)
Step-by-step procedures your team can run daily.
- Onboarding workflow and approvals.
- Verification, screening, and escalation logic.
- Ongoing monitoring baseline.
- Periodic reviews and remediation actions.
Key for banking/PSP onboarding and audits.
Core
Compliance Manual
Roles, responsibilities, reporting and controls register.
- Responsibility matrix (who does what).
- Approvals and escalation workflow.
- Controls register and reporting cadence.
- Recordkeeping and evidence trail rules.
Makes compliance “ownable” inside the team.
Core
Risk Management Framework
Risk taxonomy and monitoring posture (baseline).
- Risk categories and ownership.
- Risk assessment and monitoring logic.
- Incident / breach escalation baseline.
- Change management and vendor risk approach.
Often required in regulated environments.
Core
Business Continuity Plan (BCP)
Continuity and recovery posture that banks/partners understand.
- Critical functions and recovery priorities.
- Backup, access and continuity baseline.
- Communication plan and responsibilities.
- Testing and review cadence baseline.
Not complex — but must be credible and consistent.
Optional
Gap analysis & upgrades
If you already have policies, we upgrade only what is missing.
- Consistency check against actual flows.
- Bank/partner DD questionnaire readiness.
- Vendor/outsourcing controls improvements.
- Evidence trail and recordkeeping improvements.
Saves time if you have partial documents already.
Process
How we build an implementable compliance baseline
The focus is execution: flows, roles, evidence, and the ability to answer counterparties confidently.
1
Map flows & risk profile
Users, geographies, products, custody responsibility, payments, vendors.
2
Define controls
CDD/EDD logic, sanctions screening, monitoring, escalation, recordkeeping.
3
Draft policies & SOPs
Policies that match your actual processes, tools and roles.
4
Implement & validate
Placement, evidence trail, questionnaire readiness, and final consistency check.
Output: a compliance system that can be executed by your team and defended in partner/banking conversations.
Inputs
What we need from you (simple checklist)
You don’t need to prepare “regulatory documents”. A factual description is enough.
Business & users
- What your product does and who your clients are.
- Geographies you target and exclude.
- Whether you hold client assets or use third parties.
- Any “high-risk” segments (cash-intensive, high-risk jurisdictions, etc.).
We convert this into risk scoring + EDD triggers.
Operations & tools
- Onboarding journey (KYC steps, approvals, manual reviews).
- Sanctions/PEP screening tools (if any) or planned tools.
- Where documents and evidence are stored.
- Who will own compliance internally (even part-time).
We align policies to tools so the system is executable.
FAQ
Common questions
Compliance is not “documents”. It’s how you onboard, monitor, store evidence and make decisions.
Is this enough for licensing?
It is a solid baseline. Licensing usually requires jurisdiction-specific adjustments, role requirements and an application package — covered by Crypto License Pack.
Can you adapt documents to a specific jurisdiction?
Yes. We build a risk-based baseline first, then tailor to the chosen regime (EU MiCA, UAE, AIFC, others) where needed.
Do you include implementation in the product (tools, CRM, training)?
We design implementable procedures and evidence logic. Hands-on implementation and training can be added as bespoke support.
We already have policies — what then?
Great. We can start with a gap analysis and upgrade only what is inconsistent, missing or not defensible.
Need compliance that banks and partners actually accept?
Send a short description: what you do, where users are from, whether you custody assets, and your priority (banking, PSPs, licensing, audits).
We’ll propose the exact compliance scope and deliverables.
If you already have documents, we can start with a gap analysis and upgrade only what is missing.
Good fit for this pack:
- You are preparing for banking/PSPs or a major partner.
- You need a minimum viable AML/KYC system that works.
- You are approaching licensing and want fewer reworks.
- You want procedures your team can execute daily.
We build around real flows — that’s what gets scrutinized.