Compliance
AML / KYC policies that banks and regulators accept.
We prepare implementable AML/CFT and KYC frameworks for fintech, crypto and cross-border businesses:
risk-based policy, onboarding rules, sanctions screening, ongoing monitoring, escalation and reporting —
aligned with your transaction flows and operating model.
If you are preparing for licensing or bank/PSP onboarding, we align policies with the applicable rulebook and your internal roles.
What you get (baseline)
- Risk-based AML/CFT Policy + KYC procedures.
- CDD/EDD rules + client risk scoring logic.
- Sanctions/PEP/adverse media screening workflow.
- Ongoing monitoring + STR/SAR escalation trail.
Often packaged with data protection and
crypto licensing.
Deliverables
AML/KYC pack — typical deliverables
Scope depends on your risk profile (markets, client types, products, transaction volumes, custody) and whether you are regulated.
Below is a practical baseline used for many fintech and digital asset projects.
Core
AML/CFT Policy
Risk-based framework that matches your business model.
- Risk assessment approach and governance.
- Client, geography, product and channel risk factors.
- Controls mapping and evidence trail.
- Recordkeeping and reporting baseline.
Used for licensing, banking, institutional due diligence.
Core
KYC / CDD & EDD procedures
Clear onboarding rules your team can execute.
- KYC checklists (individuals / corporates).
- UBO verification and control structure logic.
- Source of funds / source of wealth evidence rules.
- Periodic reviews and refresh triggers.
Designed for fast onboarding without compliance gaps.
Core
Sanctions & screening controls
List screening, escalation and restricted activity rules.
- Sanctions policy and screening frequency.
- PEP and adverse media baseline.
- Hit handling + false-positive workflow.
- Freeze/reject/exit logic (where relevant).
Critical for cross-border and crypto transaction flows.
Add-on
Transaction monitoring rules
Practical scenarios and thresholds tied to your flows.
- Monitoring scenarios (typologies) and red flags.
- Alert handling workflow and case notes.
- Escalation and decision-making chain.
- Ongoing monitoring cadence and KPIs.
Most “template” policies fail exactly here.
Add-on
Governance: MLRO / Compliance
Roles, independence, reporting and training baseline.
- MLRO/Compliance role description and delegation.
- Reporting cadence (management / board).
- Internal escalation path and approvals.
- Training plan and policy attestation.
Often requested by regulators and partner banks.
Add-on
Travel rule & crypto specifics
If you handle crypto transfers or custody.
- Wallet screening / wallet risk scoring baseline.
- Counterparty VASP/PSP due diligence logic.
- Travel rule information exchange (if applicable).
- Custody/segregation and chain-of-transaction evidence.
Aligned to your stack and jurisdictions.
Approach
How we build AML/KYC (so it passes diligence)
Banks and regulators look for consistency between your flows, controls, evidence and escalation.
We map the operating model first and only then draft policies and procedures.
What we map first
- Client types, geographies, products and delivery channels.
- Flow of funds/assets (fiat rails, wallets, custody, conversions).
- Counterparties: banks, PSPs, liquidity providers, custodians.
- Technology stack, outsourcing and access responsibilities.
Output: a controls map showing “who does what”, required evidence, escalation and reporting lines.
Typical engagement paths
Banking readiness
AML/KYC + sanctions → onboarding SOPs → evidence pack for bank/PSP.
Licensing readiness
Policies set → governance roles → narrative alignment for the application.
Operational scale
Monitoring rules → periodic reviews → KPIs and reporting cadence.
Existing framework clean-up
Gap analysis → rewrite only what fails diligence → implementable procedures.
Related: Crypto licensing and
Data protection.
FAQ
Common questions
Short answers. We align to your regulator, bank or institutional counterparty requirements.
Can we use a generic AML policy template?
You can, but templates usually fail due diligence: they don’t match your real flows, screening logic, roles and evidence trail. We adapt the framework to your operations so it is defensible and executable.
Do you also prepare KYC checklists and onboarding forms?
Yes. We provide checklists for individuals/corporates, UBO verification logic, SOF/SOW evidence rules and refresh triggers — plus a practical onboarding SOP for your team.
What do banks typically ask for first?
A clear AML/KYC policy, sanctions screening workflow, onboarding procedures, monitoring logic, evidence retention, and understanding of your counterparties and transaction flows.
Do you support regulator or bank Q&A after we share the pack?
Yes. We help structure responses, provide documentation support and adjust policies when comments require operational changes.
Need an AML/KYC framework that you can actually run?
Share your products, target markets, client types, whether you touch client assets, and your banking/licensing goal.
We will propose a structured AML/KYC scope and the first deliverables.
If you already have documents, we can run a gap analysis and rebuild only what fails diligence.
Good fit for this service:
- Crypto/fintech onboarding clients across borders.
- Projects preparing for banking or PSP onboarding.
- Teams needing implementable KYC + monitoring SOPs.
- Businesses with outsourcing-heavy tech stacks.
We focus on execution: controls, evidence trail, escalation and reporting — not just “nice-looking” documents.