Compliance is not a box-ticking exercise. It’s the thing that keeps your company licensed, your bank accounts open, and your reputation intact. We’ve spent nearly 30 years watching businesses get this wrong — operators who treated KYC as an afterthought, companies that ignored evolving AML directives until a regulator came knocking, startups that assumed GDPR didn’t apply because they were based outside the EU. It always catches up.

The regulatory landscape shifts constantly. The EU’s Anti-Money Laundering Directives get tighter with every revision. FATF grey lists reshuffle. Jurisdictions that were lenient five years ago now require full compliance infrastructure before they’ll even process your application. The businesses that survive are the ones that build compliance into their operations from day one — not the ones that bolt it on after a warning letter.

We don’t just list the law. We explain how to survive it — and we build the policies, processes, and reporting structures that keep you on the right side of it.

That’s what we do. Whether you’re setting up a new company and need compliant KYC procedures from the start, or you’re an established operation that needs an audit and a fresh set of policies, we’ll tailor everything to your industry, your jurisdiction, and the regulators you answer to. One provider, end to end.

What we cover

KYC

Know Your Customer policies tailored to your industry and jurisdiction. We define what documentation you need to collect — passport, proof of address, source of funds — and build the onboarding procedures that satisfy your regulator. Requirements vary significantly between jurisdictions; we make sure yours are right for where you operate.

AML / CTF

Anti-money laundering and counter-terrorist financing policies that go beyond the template. We assess your risk profile, draft internal procedures for detecting and reporting suspicious activity, and set up the monitoring processes your compliance officer needs. Whether you fall under the EU’s AML Directives, FinCEN rules, or jurisdiction-specific frameworks, we’ll build policies that hold up to scrutiny.

GDPR

Data protection compliance for any business that touches EU citizens’ data — even if you’re based outside Europe. We handle data processing agreements, breach notification protocols, storage limitation policies, and the controller-processor documentation that regulators expect to see. Fines run up to €20 million or 4% of global turnover. We’d recommend not finding out the hard way.

Compliance Audits

A full review of your compliance posture — risk management, internal policies, external obligations, and where the gaps are. Rules change quickly, especially around AML and CTF. We evaluate what you have, tell you what’s missing, and help you implement the changes before a regulator finds them first.

Regulatory Reporting

Most jurisdictions require periodic compliance reports, breach disclosures, and ongoing monitoring documentation. We work alongside your team to produce the reports your compliance officer is responsible for — including AML activity reports, suspicious transaction filings, and regulatory submissions.

Authority Liaison

Dealing with regulators, banks, and payment providers is time-consuming and often frustrating. We handle the back-and-forth — from licence-related compliance communications to banking negotiations and ongoing regulatory dialogue. We’ve worked across dozens of jurisdictions and have the relationships to move things along efficiently.

Common questions about compliance

What documents do I need for KYC?

At a minimum: a certified copy of your passport, recent proof of address (utility bill or bank statement issued within three months), and a source of funds declaration. Depending on the jurisdiction and industry, you may also need bank references, professional references, details on expected account activity, and company documentation including director and shareholder information. For high-risk sectors like gaming or crypto, expect enhanced due diligence — we’ll give you the exact checklist for your situation before you start gathering anything.

How are KYC and AML related?

KYC is one component of a broader AML framework. Anti-money laundering compliance covers everything from customer identification and transaction monitoring to suspicious activity reporting and staff training. KYC specifically focuses on the four core steps: identifying the customer, verifying their identity, understanding their activities and fund sources, and monitoring their ongoing behaviour. In practice, your KYC procedures sit inside your AML policy — you can’t have one without the other.

Does GDPR apply to businesses outside the EU?

Yes. If you offer services to EU citizens or residents, or process their personal data in any way, GDPR applies to you — regardless of where your company is based. A business in North America, Asia, or the Caribbean with even one EU client is bound by the regulation. We’d recommend treating GDPR compliance as a baseline rather than an exception. The policies you put in place for GDPR will also help you meet data protection requirements in other regions.

How often should we audit our compliance?

At least annually, and more frequently if your industry or jurisdiction has seen regulatory changes. AML and CTF rules in particular evolve quickly — what was compliant two years ago may have gaps today. We’d recommend a full compliance audit whenever you enter a new market, onboard a new type of client, or receive any communication from a regulator that suggests closer attention. An audit is significantly cheaper than a fine.

Can you handle compliance for a business that’s already operating?

Absolutely. Many of our clients come to us after launch — sometimes because they’ve outgrown their initial setup, sometimes because a regulator has flagged something. We’ll audit your current compliance posture, identify what needs to be fixed or strengthened, draft updated policies, and handle the implementation. Whether you’re a startup or a multinational, single-office or multi-jurisdiction, we tailor everything to your actual situation.

Not sure where you stand on compliance?

Nearly 30 years. KYC, AML, GDPR, and everything in between. We’ll tell you what applies and build what you need.

Talk to our team