What is the AML/KYC Framework?
The Anti‑Money Laundering (AML) and Know Your Customer (KYC) framework is the foundation of financial integrity. KYC establishes the identity of clients before they access services, while AML systems monitor ongoing activity to detect and prevent illicit fund flows. As a fully licensed Swiss and Bahraini institution, CriptoBanc operates under the highest global compliance standards.
Our framework combines regulatory‑first design with predictive technology. From risk‑based client onboarding, identity verification, and sanctions screening to real‑time transaction monitoring and suspicious activity reporting – every component is integrated into a unified, auditable system. This ensures not only adherence to FINMA, CBB, and international FATF requirements but also proactive defence against financial crime.
Request Compliance Overview →
Multi‑layered Compliance Structure
🏛️ Regulatory Foundation
CriptoBanc is fully licensed under the Swiss Banking Act and the Central Bank of Bahrain's Crypto‑Assets Module. Our compliance framework is built on the latest FATF recommendations, EU AMLD6, and national AML/CFT laws.
✅ KYC & Customer Due Diligence (CDD)
Mandatory identity verification for every client (individuals & entities) before any service is provided. Procedure includes: (i) collection of government‑issued identification; (ii) proof of address; (iii) source of funds/wealth declaration; (iv) ownership structure verification for legal entities. Enhanced Due Diligence (EDD) is applied to Politically Exposed Persons (PEPs) and high‑risk jurisdictions.
🔎 Ongoing Transaction Monitoring
Automated real‑time monitoring of all on‑chain and off‑chain activity. Our AML software analyses >100 risk signals – including large round‑sum transfers, rapid asset turnovers, interaction with high‑risk addresses, and geographical inconsistencies. Alerts are prioritised by risk score and escalated to the Financial Crime team.
📜 Sanctions & Politically Exposed Persons Screening
All clients and counterparties are screened in real time against global sanctions lists (OFAC, EU, UN, UK HMT) and PEP databases. Sanctions screening is performed at onboarding and on a daily basis throughout the lifecycle of the relationship, ensuring full compliance with international embargoes.
⚖️ Suspicious Activity Reporting (SAR)
When any transaction or attempted transaction raises a red flag, an internal investigation is launched. Where material suspicion persists, a Suspicious Activity Report (SAR) is filed with the national Financial Intelligence Unit (FIU) – Swiss MROS or Bahrain's FIU. Reporting is conducted without tipping off the subject and is protected by legal privilege.
🛡️ Independent Audit & Compliance Officer
Our AML/CFT framework is audited annually by an independent, FINMA‑recognised external auditor. In addition, a dedicated Compliance Officer oversees day‑to‑day adherence, staff training, and the continuous improvement of policies.
The KYC/AML Client Lifecycle
Onboarding & Identification
Client submits required documents via secure portal. Compliance team verifies identity using biometric and government data sources. Enhanced due diligence triggered when appropriate.
Risk Assessment & Classification
Client assigned a risk score (Low, Medium, High) based on jurisdiction, profile, and expected activity. Risk level determines monitoring frequency and scope of EDD.
Ongoing Monitoring & Periodic Review
Transactions monitored 24/7 vs. client profile. High‑risk clients and PEPs undergo intensified scrutiny. Periodic re‑verification every 12–24 months.
*All processes are fully documented, auditable, and available for regulatory inspection on demand.
Technology & Data Protection
CriptoBanc's AML/KYC execution is underpinned by best‑in‑class technology, integrated into a seamless workflow:
- ✔︎ Blockchain Analytics – Real‑time risk scoring via leading providers, identifying links to illicit addresses, mixers, and sanctioned entities.
- ✔︎ Automated Screening – Fully automated sanctions, PEP, and adverse media checks at onboarding and daily thereafter.
- ✔︎ Case Management – A dedicated Compliance Portal for managing alerts, investigations, and reporting.
- ✔︎ Data Privacy (GDPR / Swiss FADP) – Client data is processed strictly on a need‑to‑know basis. All data is stored in encrypted Swiss data centres and never sold to third parties.
Our technology stack is independently audited for security and data protection, ensuring that the highest levels of confidentiality are maintained throughout the compliance process.
Read Privacy & Security Whitepaper →
Trusted by Leading Financial Institutions
CriptoBanc's AML/KYC framework is regularly benchmarked by our banking partners and has been inspected by FINMA and the Central Bank of Bahrain with zero material findings. Our system processes over 25,000 transactions daily with automated AML checks, and screens all clients against 30+ global sanctions lists. For institutional counterparties, we offer mutual compliance due diligence to streamline the onboarding process.
Daily Transactions Monitored
Sanctions & PEP Lists
Automated CDD Screening
Transaction Surveillance
Frequently Asked Questions
Which regulators supervise CriptoBanc's compliance?
CriptoBanc is supervised by the Swiss Financial Market Supervisory Authority (FINMA) and the Central Bank of Bahrain (CBB). Both regulators have direct oversight of our AML/CFT framework and conduct periodic on‑site inspections.
What documents are required for KYC?
For individuals: Valid government‑issued ID (passport or national ID) + Proof of Address (utility bill or bank statement). For entities: Certificate of Incorporation, Register of Directors/Shareholders, UBO declaration, and audited financials.
How does CriptoBanc handle suspicious transactions?
Any transaction flagged by our monitoring systems triggers an internal investigation. If money laundering or terrorist financing cannot be reasonably ruled out, a Suspicious Activity Report (SAR) is filed with the FIU. Reporting is done without notifying the client.
Is client data shared with third parties?
Client data is processed only for compliance purposes and is never sold. Information may be shared with regulators, law enforcement, or financial intelligence units when required by law. All data is stored in accordance with Swiss FADP and GDPR standards.