Advisory

Compliance programs for every kind of crypto company

Licensed exchange, DeFi protocol, or somewhere in between. The compliance obligations are different, and the deliverables should be too.

CeFi Advisory

The full regulatory stack, built for how you operate

You hold a license or you're applying for one. Regulators expect a complete AML/CFT program, documented procedures, and evidence that your controls actually work. We build the program, implement the tools, and get you to a place where an exam isn't something you dread.

Typical client: A crypto exchange applying for a BitLicense with no existing compliance infrastructure, or a licensed custodian expanding into MiCA jurisdictions and needing to retrofit their program.

Deliverables

  • Risk assessments: Enterprise-wide, new product, and new jurisdiction risk assessments tailored to your specific business model and license requirements.
  • AML / Financial Crime Compliance program: Complete BSA/AML program with policies, governance structure, and board-level reporting frameworks.
  • Anti-bribery and corruption policy: ABC policies and controls designed for the specific corruption risks in crypto operations and counterparty relationships.
  • KYC / TM / SAR / Travel Rule / Screening procedures: End-to-end procedures for customer onboarding, transaction monitoring, suspicious activity reporting, travel rule compliance, and watchlist screening.
  • Licensing and registration guidance: Application support for BitLicense, MiCA, MAS, FINTRAC, FCA, AFSL, and state-level money transmitter registrations.
  • Tool implementation: Selection and implementation of KYC, transaction monitoring, watchlist screening, and payment screening platforms.

DeFi Advisory

Compliance without the centralized playbook

Most compliance frameworks assume there's a centralized operator taking custody of funds and onboarding customers. DeFi doesn't work that way. We design compliance programs that account for smart contract interactions, governance structures, and the reality that your "customers" are wallets, not people with passports.

Typical client: A cross-chain messaging protocol that needs counterparty due diligence across hundreds of integrations, or a DeFi lending protocol whose foundation wants to demonstrate responsible risk management to ecosystem partners.

Deliverables

  • Risk assessments: Enterprise-wide, new product, new jurisdiction, new protocol integration, and new asset risk assessments designed for decentralized business models.
  • Compliance and risk management program: A program framework built for protocols and foundations, covering governance, risk appetite, sanctions exposure, and counterparty management.
  • Counterparty due diligence procedures: Frameworks for assessing integration partners, bridge providers, oracle services, and other protocol-level counterparties.
  • Wallet screening and watchlist screening procedures: On-chain screening procedures that identify sanctioned exposure, mixer interactions, and high-risk wallet activity across your protocol.
  • Tool implementation: Selection and implementation of due diligence platforms, watchlist screening services, and blockchain analytics tools.

Hybrid Advisory

Compliance where the lines blur

Your business doesn't fit neatly into one box. Maybe you're a DeFi protocol whose institutional partners impose compliance requirements as a condition of integration. Maybe you're a licensed exchange running a trading desk that interacts with DeFi liquidity pools. Either way, you need a compliance program that covers both worlds without pretending one of them doesn't exist.

Typical client: A DeFi vault protocol whose CeFi partners require KYC and screening as a condition of liquidity access, or a prime brokerage that routes client orders through DEXs and on-chain venues.

Deliverables

  • Dual-framework risk assessments: Risk assessments that account for both traditional regulatory obligations and on-chain exposure, including shadow regulator requirements from CeFi partners.
  • Blended compliance program: A compliance and risk management program that satisfies CeFi partner requirements while remaining practical for decentralized operations.
  • Partner-facing compliance documentation: Policies and procedures designed to demonstrate compliance to institutional counterparties who act as de facto regulators.
  • Wallet screening + KYC procedures: Hybrid onboarding flows that combine wallet screening and blockchain analytics with traditional KYC where required by partners or regulation.
  • Tool implementation across both stacks: Integrated tooling for blockchain analytics, watchlist screening, and traditional compliance platforms that work together.

How we work

Four phases, no surprises

Every engagement follows the same structure. The scope varies, but you always know where things stand and what's coming next.

01 Discovery

We map your business model, jurisdictions, counterparty relationships, and existing controls. We talk to your team. We read your docs. By the end of week one, we know what you have and what's missing.

02 Gap analysis

We benchmark your current state against regulatory expectations and industry practice. You get a clear, prioritized list of what needs to happen, in what order, and why each item matters.

03 Build

We write the policies, design the controls, configure the monitoring rules, and build the procedures. Your team reviews everything as we go so nothing lands as a surprise.

04 Handoff

We train your team, document everything, and make sure the program runs without us. If you need ongoing support or want to plug in CryptoComply, we set that up too.

Tell us what you're dealing with

New license application, regulatory exam, partner compliance requirements, or building a program from scratch. We'll tell you what we think and what it would take.