Home / Guides / AML/KYC for Crypto Explained
Crypto uptrend chart tablet — AML/KYC for Crypto Businesses:Complete Compliance Guide 2026
Compliance Guide · Updated 2026

AML/KYC for Crypto Businesses:
Complete Compliance Guide 2026

Anti-money laundering and know-your-customer compliance are not optional for crypto businesses — they are the foundation of your licence, your banking relationships, and your long-term survival. This guide explains exactly what AML and KYC require, how the global legal framework applies to VASPs, and what an effective compliance program looks like in 2026.

Reading time~10 minutes
Regulations coveredFATF, EU 6AMLD, US BSA, UK MLR, UAE
Last updatedMarch 2026
Lead Expert

Meet Dr. Marcus Hartmann

Dr. Marcus Hartmann — Senior Crypto Licensing Advisor
Dr. Marcus Hartmann
Senior Licensing Advisor · Zug, Switzerland
LL.M. International Financial Law · Dr. iur. · Zurich Bar

Dr. Marcus Hartmann has spent over two decades at the intersection of financial law and emerging technology. Based in Zug — Switzerland's Crypto Valley — he has guided startups, trading platforms, and institutional investors through the full spectrum of VASP licensing: from FINMA FinTech notifications to MiCA CASP applications and offshore structuring across 60+ jurisdictions.

He joined CryptoLicenses.net as Senior Licensing Advisor after a decade leading the fintech practice of a Swiss-regulated law firm, where he managed regulatory mandates in the UAE, Singapore, Liechtenstein, and the Cayman Islands.

22 years in financial services regulation
400+ crypto licensing mandates across 60+ jurisdictions
Certified AML Officer (ACAMS), FINMA-registered
Fluent in English, German, and French
View Full Profile →

This guide was researched and written by Dr. Marcus Hartmann, Senior Licensing Advisor at CryptoLicenses.net.

Key Takeaways
  • AML (Anti-Money Laundering) refers to the full system of controls to prevent, detect, and report money laundering activity
  • KYC (Know Your Customer) is the identity verification component of AML — confirming who your customers are before they transact
  • AML/KYC compliance is mandatory for all Virtual Asset Service Providers (VASPs) globally under FATF Recommendation 15
  • Key legal instruments: FATF R.15, EU 6th AMLD, US Bank Secrecy Act, UK Money Laundering Regulations 2017, UAE Cabinet Decision 111/2022
  • Non-compliance penalties reach into the billions — Binance paid $4.3B in 2023, the largest financial crime settlement in history
  • Regulators are increasingly sophisticated: blockchain analytics, cross-border data sharing, and AI monitoring mean evasion is harder than ever
Section 1

What Are AML and KYC?

Anti-Money Laundering (AML) is the broad framework of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. For a crypto business, AML encompasses everything from how you assess customer risk to how you monitor transactions, screen against sanctions lists, and report suspicious activity to financial intelligence units.

Know Your Customer (KYC) is the identity verification process within that framework. Before onboarding a customer — or at defined transaction thresholds — you must collect and verify information that proves who they actually are. This typically means government-issued ID, proof of address, and in many cases a selfie or liveness check for biometric matching.

The Key Distinction

KYC answers the question: "Who is this person?" AML answers the question: "What are they doing with their money, and does it look suspicious?" KYC is the gatekeeper at onboarding. AML is the ongoing surveillance that continues throughout the relationship.

In practice, the two are inseparable. Without solid KYC, your AML transaction monitoring is worthless — you cannot assess whether a transaction is suspicious if you do not know who is conducting it. And strong KYC alone is insufficient if you have no mechanism to detect patterns of suspicious behaviour after onboarding.

How This Applies to Crypto

Crypto introduces complications that traditional finance does not face: pseudonymous on-chain activity, instant cross-border transfers, decentralised protocols, and the technical ability to obfuscate transaction trails using mixers or privacy coins. Regulators have responded by extending AML obligations — originally designed for banks — to any entity that exchanges, transfers, or custodies virtual assets professionally. This includes exchanges, OTC desks, custodians, crypto brokers, and increasingly DeFi protocol operators where a service provider is identifiable.

"AML compliance in crypto is not a checkbox exercise — it is an operational discipline. The exchanges that have survived regulatory scrutiny in 2026 are the ones that built their compliance programs before they needed them, not after an enforcement notice arrived. Every VASP I have advised that treated AML as a core competency from day one has had a fundamentally different relationship with its regulator than those who retrofitted compliance onto an existing operation."

— Dr. Marcus Hartmann, Senior Licensing Advisor
Section 3

KYC Requirements for Crypto — Three-Tier Verification

Most crypto compliance frameworks use a risk-based, tiered approach to KYC. Higher transaction volumes and higher-risk customer profiles trigger more intensive verification. The following structure reflects best practice under EU/FATF guidance as of 2026.

T1
Tier 1 — Basic Access (Limit: <€1,000/day)

The lowest verification tier, used for low-value or exploratory access. Customers provide an email address and phone number. Identity is not formally verified against a government document. Transaction and withdrawal limits are strict — typically €1,000 per day or €2,000 per month aggregate across the platform.

Tier 1 is appropriate for users who want to explore the platform or make small transactions, but regulators are increasingly scrutinising whether this tier creates a loophole. Under EU's revised AMLD framework, even basic access may require an identity declaration. Review your jurisdiction's specific rules before implementing a Tier 1 regime.

Documents required: Email address (verified), mobile phone number (verified via OTP). No government ID at this tier.
T2
Tier 2 — Standard KYC (Limit: €1,000–€15,000/day)

The standard tier for retail customers. Customers must provide a government-issued photo ID (passport, national ID card, or driving licence) and a selfie or liveness check for biometric comparison. Address verification is required — typically a utility bill or bank statement dated within 3 months.

The identity check must be completed by an automated identity verification (IDV) provider in real time, or manually reviewed within defined SLAs. The system must check the document's authenticity (NFC chip reading or document forensics), compare the selfie to the ID photo, and screen the name against sanctions lists (OFAC, UN, EU) and Politically Exposed Person (PEP) databases before approval.

Source of funds enquiry is triggered for transactions approaching the upper tier limit (typically €10,000+), even within Tier 2.

Documents required: Government-issued photo ID + selfie/liveness check + proof of address (utility bill or bank statement, max 3 months old).
T3
Tier 3 — Enhanced Due Diligence (Limit: >€15,000/day)

Enhanced Due Diligence (EDD) is required for high-volume customers, high-risk profiles, or customers from high-risk jurisdictions. In addition to Tier 2 documents, EDD requires: proof of source of wealth (not just source of funds — where did the overall wealth come from?), a detailed business relationship questionnaire, enhanced ongoing monitoring with lower alert thresholds, and senior management approval for onboarding.

For corporate customers at Tier 3, the process extends to full beneficial ownership verification (all UBOs with ≥25% ownership or effective control), corporate structure diagrams, certificate of incorporation, articles of association, evidence of business activity, and KYC packages for each director and UBO individually.

EDD relationships must be reviewed at least annually, or more frequently if risk indicators change. EDD customers should be flagged in your monitoring system for manual review of flagged transactions, regardless of alert thresholds.

Documents required: All Tier 2 documents + Source of Wealth declaration + Supporting evidence (tax returns, audited accounts, property records) + Business relationship questionnaire. Corporate customers: full UBO structure + director KYC for each individual.
Section 4

AML Program Components — Five Pillars

A compliant AML program is more than a KYC checklist. Regulators expect a documented, operational program covering five core pillars. Missing any one of these pillars will result in findings during an AML audit or regulatory examination.

01
Customer Risk Assessment
Every customer must be assigned a risk rating (low / medium / high) based on a documented methodology. Factors include: jurisdiction of residence, type of customer (individual vs. corporate), business activity, transaction volumes, and PEP/sanctions status. Risk ratings must be reviewed periodically and whenever material changes occur. The rating determines the level of due diligence applied and the monitoring thresholds set for that customer.
02
Transaction Monitoring
An automated transaction monitoring system (TMS) must analyse all transactions in real time or near-real time, generating alerts when predefined rules or model-based thresholds are triggered. Rules typically cover: large single transactions, unusual patterns relative to customer profile, rapid movement of funds (layering indicators), high-frequency micro-transactions (structuring), and blockchain-specific risks (mixing, dark market associations). All alerts must be investigated and documented, with a disposition (closed / escalated to SAR) within defined SLAs.
03
Sanctions Screening
Every customer and counterparty must be screened against global sanctions lists: UN Consolidated List, OFAC SDN List, EU Consolidated Sanctions List, UK HMT Financial Sanctions, and others relevant to your customer base. Screening must occur at onboarding and on an ongoing basis — sanctions lists are updated daily, and a customer who was clean at onboarding may be sanctioned later. Wallet address screening against OFAC-designated addresses is also required for US-nexus operations. Hits must be frozen, reported, and managed per legal requirements — typically within 24 hours of discovery.
04
Suspicious Activity Reports (SARs)
When your transaction monitoring or staff identifies suspicious activity that cannot be resolved through investigation, a Suspicious Activity Report (SAR) — called a Suspicious Transaction Report (STR) in some jurisdictions — must be filed with the relevant Financial Intelligence Unit (FIU). In the US, this is FinCEN. In the UK, the NCA. In the EU, national FIUs. SARs must be filed within 30 days of suspicion arising (some jurisdictions mandate faster reporting). Critically: you must not tip off the customer that a SAR has been filed — this is the "tipping off" prohibition. The SAR process and all investigation records must be documented and retained for 5–7 years.
05
Staff Training
All staff who interact with customers, transactions, or compliance systems must receive documented AML training at least annually. Training must cover: recognising red flags for money laundering and terrorist financing, the firm's internal reporting procedures (how to escalate to the MLRO), the tipping-off prohibition, and personal liability for AML violations. New hires must be trained before they begin work involving customer-facing or financial activities. Training completion must be recorded and maintained as part of the compliance record. Regulators routinely test staff knowledge during examinations — inadequate training is a common enforcement finding.
Section 5

Enhanced Due Diligence — When EDD is Required

Enhanced Due Diligence is the highest level of customer scrutiny, required when a customer or transaction presents elevated money laundering or terrorist financing risk. The following situations automatically trigger EDD obligations under FATF guidance and most national implementations.

Politically Exposed Persons (PEPs)

A PEP is any individual who holds or has held a prominent public function — heads of state, senior government officials, senior executives of state-owned enterprises, senior military officers, senior judiciary, and their family members and close associates. PEPs are not automatically prohibited as customers, but they carry elevated corruption risk by virtue of their position. EDD is mandatory for all PEPs: enhanced source of wealth verification, senior management sign-off at onboarding, and enhanced ongoing monitoring. Foreign PEPs (from outside your jurisdiction) are treated as higher risk than domestic PEPs in most frameworks.

High-Risk Countries

FATF publishes two lists relevant to EDD triggers: the "black list" (High-Risk Jurisdictions Subject to a Call for Action — currently North Korea, Iran, Myanmar) and the "grey list" (Jurisdictions Under Increased Monitoring). Customers resident in, or transactions involving, listed countries trigger EDD. The EU maintains its own high-risk third-country list which may differ from FATF. For US-regulated entities, OFAC country-based sanctions add additional restrictions beyond EDD.

Large or Unusual Transactions

Transactions that are materially inconsistent with a customer's established profile — a sudden large deposit from a new source, an unusual counterparty jurisdiction, a transaction structure with no apparent economic rationale — trigger enhanced review. "Large" thresholds vary by jurisdiction but FATF guidance identifies $15,000 as a typical cash transaction reporting threshold; crypto platforms often apply lower thresholds given the speed and scale of digital asset movement.

Correspondent Relationships

When your platform has a business-to-business relationship with another VASP (e.g., acting as a liquidity provider, aggregator, or white-label partner), this is treated as a correspondent relationship. EDD must be applied to the counterpart VASP: assess their AML program, obtain senior management approval for the relationship, and document ongoing oversight. Shell VASP relationships — entities with no real regulatory oversight or compliance substance — must be refused.

MLRO Responsibility: The Money Laundering Reporting Officer (MLRO) — or equivalent Chief Compliance Officer — bears personal legal responsibility for the adequacy of the AML program. In many jurisdictions, the MLRO can be criminally prosecuted if the firm fails to implement required AML measures. This person must be a named, senior individual with direct board access, not a nominal appointment.

Section 6

Crypto-Specific AML Challenges

Crypto introduces compliance challenges that have no direct equivalent in traditional finance. Understanding these challenges — and the regulatory and technological responses to them — is essential for building an AML program that actually works.

Pseudonymity

Blockchain addresses are pseudonymous, not anonymous. A Bitcoin address reveals all associated transactions but not the identity of the owner — unless the owner interacts with a regulated VASP that has completed KYC. The compliance approach: rigorously link on-chain activity to off-chain identity at every deposit and withdrawal. Use blockchain analytics to trace transaction history both upstream (where did the funds originate?) and downstream (where did the funds go after leaving your platform?). A wallet with direct exposure to a dark market or sanctions entity — even several hops removed — requires investigation and likely SAR filing.

DeFi and Non-Custodial Protocols

Decentralised finance protocols pose fundamental compliance challenges: there is often no identifiable service provider, no KYC capability, and no central point of control. The regulatory trend is toward front-end regulation: if your entity operates the UI, manages smart contract upgrades, collects fees, or has governance control, you may be treated as a VASP. The EU's MiCA framework explicitly carves out "fully decentralised" protocols but applies full obligations to partially centralised DeFi. Monitor ESMA and national regulator guidance closely — the definition of "decentralised" is actively contested.

Mixers and Tumblers

Cryptocurrency mixers (also called tumblers) are services that pool and re-distribute cryptocurrency to obscure transaction trails. Using funds that have passed through a known mixer is a major red flag. OFAC sanctioned Tornado Cash in 2022, making it illegal for US persons to interact with it. Most blockchain analytics platforms can detect mixer exposure. Any customer depositing funds with recent mixer exposure must be investigated and the relationship reviewed. Accepting funds with high mixer exposure without investigation is a regulatory violation.

Privacy Coins

Privacy coins (Monero, Zcash in shielded mode, Dash via PrivateSend) use cryptographic techniques to hide transaction amounts and addresses. Transacting in privacy coins creates audit trail gaps that regulators consider inherently high-risk. Several jurisdictions — including Japan, South Korea, and Australia — have effectively banned privacy coin trading on licensed exchanges. EU MiCA guidance suggests privacy coins present significant AML challenges. If you support privacy coins, document your risk rationale carefully and implement compensating controls.

Cross-Chain Transactions

Cross-chain bridges and atomic swaps allow assets to move across blockchains, potentially breaking the analytics trail. A transaction might originate on Ethereum, bridge to a Layer 2, bridge again to Solana, and arrive at your platform — with each bridge potentially obscuring the original source. The compliance approach: require source of funds documentation for large cross-chain deposits, use multi-chain analytics tools, and apply enhanced scrutiny to funds arriving from chains or bridges with known high-risk exposure.

◆ Need Help?

Not sure which licence fits your business? Get a free 30-minute consultation with our advisors. We'll review your model and recommend the right jurisdiction.

Get Free Consultation →
Section 7

AML Technology & Tools

No manual compliance program can adequately monitor the volume and velocity of crypto transactions. Effective AML compliance requires purpose-built technology across three functional areas: blockchain analytics, transaction monitoring, and identity verification.

Blockchain Analytics
Chainalysis
The market leader in blockchain analytics, used by over 900 cryptocurrency businesses and 70+ governments. Provides real-time transaction screening against thousands of risk categories including sanctions entities, darknet markets, ransomware wallets, and high-risk exchanges. Chainalysis KYT (Know Your Transaction) integrates via API and assigns risk scores to every transaction. Also used by regulators for investigations — meaning the same tool that law enforcement uses can power your compliance program.
Blockchain Analytics
Elliptic
Elliptic offers holistic blockchain analytics covering 99% of crypto asset market cap including DeFi protocols and NFTs — areas where Chainalysis coverage has historically been thinner. Its Nexus product enables cross-chain tracing, following funds as they move between blockchains. Elliptic is particularly strong on VASP-to-VASP risk profiling and is favoured by many European institutions for its EU data residency options.
Blockchain Analytics
TRM Labs
TRM Labs provides blockchain intelligence with deep coverage of emerging chains and specialisation in sanctions compliance. TRM's Forensics product is widely used for SAR preparation and regulatory examination support. Strong on Southeast Asian market coverage and APAC regulatory requirements. TRM also offers a Travel Rule compliance module for VASP-to-VASP data exchange.
Transaction Monitoring
ComplyAdvantage / Featurespace / Nasdaq Verafin
Transaction monitoring platforms analyse customer behaviour patterns over time, not just individual transactions. ComplyAdvantage combines sanctions screening with AI-powered transaction monitoring, providing a unified alert management workspace. Featurespace uses adaptive behavioural analytics. Nasdaq Verafin is preferred by larger institutions with cross-product complexity. Key capability: the system must explain why an alert was generated (explainable AI) — black-box models create regulatory risk in jurisdictions requiring documented investigation trails.
Identity Verification
Jumio / Onfido / Sumsub
Identity verification APIs automate the KYC onboarding process: document scanning, NFC chip reading, facial biometrics, liveness detection, and database checks. Jumio and Onfido are enterprise-grade solutions used by tier-1 exchanges. Sumsub has strong penetration in European crypto compliance with an end-to-end orchestration layer that covers KYC, EDD, transaction monitoring, and Travel Rule. Integration with your onboarding flow via API or SDK; most offer white-labelled mobile SDKs. Vendor selection should consider: coverage of your customer geographies, accuracy rates (false positives impact conversion), and regulatory acceptance in your jurisdiction.
Travel Rule
Notabene / Sygna / TRP (Travel Rule Protocol)
The FATF Travel Rule requires VASPs to share originator and beneficiary data with counterpart VASPs for transfers above the threshold. Travel Rule solutions create a secure messaging layer between VASPs for this data exchange. Notabene is the largest network with 600+ VASP connections. Sygna is preferred in Asian markets. TRP (Travel Rule Protocol) is an open-source, bank-backed alternative. Coverage varies — not every VASP is on every network, requiring multi-network solutions or bilateral integration for comprehensive compliance.

"The enforcement cases of the last three years share a common thread: regulators found not a lack of compliance rules, but a lack of compliance culture. Binance had policies on paper. What it lacked was leadership commitment to actually implement them. In 2026, the most important AML question regulators ask is not 'do you have a policy?' — it is 'can you demonstrate it is actually working?'"

— Dr. Marcus Hartmann, Senior Licensing Advisor
Section 8

Major Enforcement Cases — Lessons Learned

The most effective argument for investing in AML compliance is the cost of non-compliance. The following cases illustrate the scale of regulatory consequences — and the specific failures that led to them.

$
Binance — $4.3 Billion (2023) — Largest Financial Crime Settlement in History
The US Department of Justice, FinCEN, OFAC, and CFTC jointly fined Binance $4.3 billion — the largest penalty ever against a financial institution for AML violations. CEO Changpeng Zhao personally pleaded guilty and was sentenced to 4 months imprisonment. The violations: Binance knowingly allowed transactions with sanctioned entities (Iran, Russia, Cuba, Syria), failed to implement an adequate AML program, failed to file SARs for suspicious transactions totalling billions of dollars, and processed transactions for terrorist financing organisations including Hamas and Al-Qaeda. Lesson: Compliance cannot be deprioritised during growth. The failures were systemic and deliberately overlooked by leadership.
$
BitMEX — $100 Million (2021) — FinCEN / CFTC
BitMEX, the crypto derivatives exchange, was fined $100 million by FinCEN and the CFTC after its founders were criminally indicted for BSA violations. The exchange had operated for years without any KYC program, allowing anonymous trading with no customer identification. BitMEX served US customers while claiming to be outside US jurisdiction by operating from offshore. Three of the four founders pleaded guilty; the fourth was convicted at trial. Lesson: Claiming offshore status does not exempt a business from BSA obligations if it serves US persons. The absence of any KYC program was treated as willful non-compliance.
$
BitPay — $507,375 (2021) — OFAC Sanctions Violations
BitPay, a crypto payment processor, was fined by OFAC for processing 2,102 transactions totalling $128,582 for users in sanctioned jurisdictions (Cuba, Sudan, Syria, North Korea, Iran, Crimea). The violations occurred because BitPay's onboarding process only collected email addresses from customers — not location data — and failed to screen for sanctioned jurisdictions. Although a relatively small fine by crypto standards, OFAC's findings were instructive: the processor was responsible for sanctions violations committed by its customers, and email-only onboarding was inadequate. Lesson: Collecting and screening geolocation data at onboarding is a basic sanctions compliance requirement, not optional.
FAQ

AML/KYC for Crypto — Common Questions

KYC (Know Your Customer) in crypto refers to the identity verification process that Virtual Asset Service Providers (VASPs) must conduct before allowing customers to use their platform. It is required by FATF Recommendation 15 and implemented through national laws such as the EU's AMLD framework, the US Bank Secrecy Act, and the UK Money Laundering Regulations. The purpose is to ensure that VASPs can identify who their customers are, assess their risk profile, and prevent the platform from being used for money laundering, terrorist financing, or sanctions evasion. Failure to implement KYC can result in criminal charges, civil fines, and loss of operating licences.
The frequency of customer re-verification (also called Customer Due Diligence refresh) depends on the customer's risk rating. Low-risk customers: typically every 3–5 years, or when material changes occur. Medium-risk customers: every 2–3 years. High-risk customers and EDD cases: annually or more frequently if risk indicators change. Beyond scheduled reviews, re-verification is triggered by: expiry of identity documents, change in transaction patterns inconsistent with the customer profile, change in customer circumstances (new business activity, change of control), PEP status change, or sanctions list hit. The requirement to maintain current KYC records is ongoing — stale records are a common finding in AML audits.
A Suspicious Activity Report (SAR) must be filed when a VASP knows, suspects, or has reasonable grounds to suspect that a transaction or activity involves money laundering, terrorist financing, or proceeds of crime — and the suspicion cannot be resolved by investigation. In the US (FinCEN), SARs must be filed within 30 days of detecting suspicious activity, or 60 days if the subject cannot initially be identified. In the UK (NCA), the equivalent Suspicious Activity Report must be filed "as soon as practicable." In the EU, deadlines vary by member state but are typically 30 days. The SAR threshold in the US is $5,000 for crypto transactions. Critically: once you have filed a SAR, you must not tip off the customer. All SAR records must be retained for at least 5 years and may not be disclosed to anyone except the relevant authorities.
This is the most contested question in crypto compliance in 2026. FATF guidance states that "decentralised" means no identifiable natural or legal person controls the protocol — and in that narrow case, AML obligations may not apply. However, regulators globally are taking an increasingly expansive view. Under EU MiCA, if any entity provides a service related to the protocol — operating the frontend, managing smart contract upgrades, collecting fees, or exercising governance rights — that entity is likely a CASP and fully subject to AML obligations. The US CFTC has indicated that DeFi protocols offering derivatives are subject to CFTC jurisdiction regardless of technical architecture. If you operate any component of a DeFi protocol with economic purpose, assume AML obligations apply and seek legal advice specific to your jurisdiction before launch.
There is no single "best" AML software — the right stack depends on your size, transaction volumes, customer geographies, and regulatory jurisdiction. A typical compliant crypto exchange in 2026 uses: (1) A blockchain analytics tool for transaction screening — Chainalysis, Elliptic, or TRM Labs depending on chain coverage needs. (2) An identity verification API for KYC onboarding — Jumio, Onfido, or Sumsub. (3) A sanctions screening database — Dow Jones Risk & Compliance, Refinitiv World-Check, or ComplyAdvantage. (4) A transaction monitoring platform — ComplyAdvantage, Featurespace, or a built-in TMS from your core banking/custody provider. (5) A Travel Rule solution — Notabene or Sygna. The total annual cost for a mid-size exchange ranges from $150,000 to $500,000+ depending on transaction volumes and vendor tiers. Negotiate usage-based pricing where possible.
AML compliance costs for a crypto startup vary significantly by stage and jurisdiction. For an early-stage exchange or broker with low volumes: technology costs (identity verification API, blockchain analytics, basic transaction monitoring) typically run $3,000–$8,000/month. A qualified MLRO or Chief Compliance Officer adds $80,000–$180,000/year in salary or $40,000–$80,000/year for a fractional CCO arrangement. Ongoing legal review and policy maintenance: $15,000–$40,000/year. Annual independent AML audit: $20,000–$60,000. Initial AML policy suite creation (if outsourced to specialist advisors): $15,000–$40,000 one-time. Total first-year AML compliance budget for a startup exchange: approximately $120,000–$350,000. This is a non-negotiable operating cost — regulators do not accept budget constraints as a justification for inadequate AML programs.
References

Sources & Official References

MH
Dr. Marcus Hartmann
Senior Licensing Advisor · LL.M. International Financial Law
22 years in financial services regulation. Advised 400+ crypto licensing mandates across 60+ jurisdictions. Specialises in AML/KYC program design and regulatory examination preparation. Based in Zug, Switzerland.
Free Consultation

Build a Compliant AML Program

Tell us about your business model and we will design an AML/KYC program that meets regulatory requirements — without unnecessary complexity or cost.

  • 🇨🇭 Swiss-registered firm, Zug
  • ⚡ Response within 24 hours
  • 🔒 Strictly confidential
  • ✓ 80+ jurisdictions covered

Confidential · No obligation · No spam