Services
Regulatory & AML Compliance EMI & PSP Licensing Licence Brokering Technical Advisory & Vendor Selection Product Strategy Recruitment Partnerships
Company
About Case Studies Insights Contact Book a consultation
Home / Services / Regulatory & Compliance
Flagship service · Compliance

Fintech Regulatory & AML Compliance

Being a licensed or SRO-affiliated financial intermediary comes with continuous regulatory obligations, and most of them live in documentation and controls that need to keep pace with how the business actually operates. This is the service we spend the most time on, because it's the one area where a gap can suspend your ability to trade overnight.

What we cover

Policy

AML & CTF policy

Risk-based AML/CTF policy drafted for your actual customer base, product and geography — not a generic template that won't survive a regulator review.

Controls

Transaction monitoring

Rules, thresholds and escalation procedures for transaction monitoring, calibrated to your typical customer behaviour and false-positive tolerance.

Screening

Sanctions & PEP screening

Screening procedures and escalation workflows aligned to your onboarding and payment flows, including ongoing monitoring for existing customers.

Governance

Anti-bribery & corruption policy

Policy design covering gifts, hospitality, third-party risk and whistleblowing routes appropriate to a regulated financial entity.

People

MLRO & compliance function support

Advisory support for your MLRO, including escalation review, regulator correspondence and, in some engagements, interim or fractional MLRO cover.

Assurance

Audit & regulator review preparation

Gap review against current licence conditions and regulator expectations, ahead of an internal audit, external audit or scheduled supervisory visit.

Switzerland

Swiss SRO affiliation, explained properly

Switzerland handles AML supervision differently from the UK and EU, and this is one of the most misunderstood parts of Swiss fintech and financial services set-up. Rather than a single "EMI licence," most financial intermediaries — payment facilitators, asset managers, currency exchanges, and other AML-exposed businesses — are required under the Anti-Money Laundering Act (AMLA) to affiliate with a FINMA-recognised Self-Regulatory Organisation (SRO), such as VQF, PolyReg or ARIF. The SRO supervises your AML compliance on FINMA's behalf; it is not itself a product licence, and it does not authorise deposit-taking or e-money issuance.

Above certain thresholds — for example, larger deposit-like balances or investment-scale activity — a business may instead need a FINMA Fintech licence under Article 1b of the Banking Act, or in some cases a full banking licence. We've seen SRO affiliation marketed online as if it were equivalent to a banking or payments licence, which it is not, and we think founders deserve a straight answer on this before they commit budget to the wrong route. Our Swiss advisory covers:

Vendor & technology fit for compliance

Good policy only works if the tooling behind it can actually execute it. We regularly get pulled into compliance engagements specifically to assess whether a KYC provider, transaction monitoring system or case management tool is fit for purpose — reviewing vendor shortlists, running structured RFPs, and sense-checking build-vs-buy decisions against what a regulator will expect to see working in practice, not just described in a policy document. See our technical advisory & vendor selection service for more on how we run that evaluation.

Our process

  1. Understand the gap. Review current documentation and controls against your licence conditions, SRO requirements, or regulator expectations.
  2. Draft & calibrate. AML, anti-bribery and transaction monitoring documentation and rule sets built for your specific operating model.
  3. Review. Working sessions with your compliance function and, where relevant, your MLRO, to pressure-test the drafts.
  4. Close out. Final sign-off sessions to answer any remaining question or gap before your audit, renewal or regulator visit.

Frequently asked questions

Do I need an SRO in Switzerland, or a FINMA licence?

Most financial intermediaries handling third-party funds or providing AML-exposed services in Switzerland need to affiliate with a FINMA-recognised SRO under the AML Act. A direct FINMA licence, such as the Fintech licence under Article 1b of the Banking Act, or a full banking licence, typically only applies above certain deposit or activity thresholds. We assess your specific model to confirm which route applies to you.

Is SRO affiliation the same as a licence?

No. SRO affiliation is a mandatory AML supervision arrangement, not a standalone product or activity licence. It confirms you're supervised for AML purposes; it doesn't itself authorise deposit-taking, e-money issuance or other regulated activities that may require separate FINMA authorisation.

What documentation does a licensed EMI need to maintain?

Typically an AML/CTF policy, an anti-bribery and corruption policy, a transaction monitoring procedure, sanctions and PEP screening procedures, a risk assessment, and governance documentation such as board and committee terms of reference — kept current against your actual operating model, not just at authorisation.

Can you act as our outsourced MLRO or compliance function?

We support MLRO functions with policy design, escalation review and regulator liaison. Some engagements include interim or fractional MLRO support depending on jurisdiction and the entity's governance requirements.

Related services

Licensing

EMI & PSP Licensing

Where most of these compliance requirements originate.

Learn more →
Technical

Vendor Selection

Choosing KYC and monitoring tools that hold up under audit.

Learn more →
People

Fintech Recruitment

Build the compliance team to own this day-to-day.

Learn more →

Documentation gap before your next audit or SRO renewal?

We'll tell you honestly where the gaps are and help you close them.

Book a consultation