Services About Legal & Compliance Advisory Desk Partners Toolkit
Theme
Request Introduction
Arca Compliance/ Services/ AML / KYC Advisory
Service 02 · AML · KYC · Financial Crime

AML / KYC
Advisory.

Risk-based AML framework design, KYC policy architecture, MLRo advisory, and financial crime programme documentation for regulated and pre-regulated fintech and digital asset businesses. We build programmes that satisfy FCA supervisory review, and work operationally in the business, not just on paper.

Request Introduction → Free AML Readiness Toolkit
What We Deliver

AML/KYC that survives
FCA scrutiny.

01
Business-Wide Risk Assessment

The BWRA is the foundation of every compliant AML programme and mandatory under MLRs 2017 Regulation 18. We conduct and document a risk assessment specific to your business model, products, customer types, geographies, and channels, not a generic template adapted with your firm name.

  • Customer risk profiling, retail, institutional, PEP exposure
  • Product and service risk assessment, crypto-specific typologies
  • Geographic risk, high-risk jurisdictions, sanctions exposure
  • Channel and delivery risk, on-chain, off-ramp, custody
  • Annual review process design and trigger events
02
AML Policy & Procedure Suite

A complete AML/CTF policy suite, board-approved, specific to your business model, and aligned to MLRs 2017, FCA JMLSG guidance, and MiCA/AMLD6 where applicable. Every policy is written to be implemented, not filed.

  • AML Policy, scope, risk appetite, governance, controls
  • CDD, SDD, and EDD procedures with trigger criteria
  • Beneficial ownership verification, UBO at 25%+ threshold
  • PEP and sanctions screening procedures
  • Record-keeping policy, 5-year retention and retrieval
03
Gap Analysis

Independent assessment of your existing AML/KYC framework against current regulatory requirements, MLRs 2017, FCA JMLSG, and FATF Recommendation 16 (Travel Rule). Output: a prioritised remediation plan with clear timelines and board-ready reporting.

  • Controls mapped against MLRs 2017 and JMLSG
  • Travel Rule implementation gap assessment
  • On-chain analytics coverage review
  • Prioritised remediation roadmap
  • Board-ready gap analysis report
04
MLRo Advisory

The MLRo function is consistently under-resourced in digital asset businesses. We advise on MLRo function design, provide template board reporting structures, review SAR submission processes, and offer on-call support for complex cases requiring senior financial crime judgment.

  • MLRo function design, authority, independence, resource
  • Annual MLRo report template and content framework
  • SAR submission process, internal and NCA reporting
  • DAML (defence against money laundering) procedure
  • On-call support for complex cases
05
Travel Rule Compliance

The UK Cryptoasset Travel Rule has been in force since September 2023. The FCA has begun active compliance review. We design Travel Rule compliance frameworks, VASP-to-VASP information transmission, counterparty verification, and unhosted wallet risk management.

  • Travel Rule policy, UK (£1,000 threshold) and EU (no de minimis)
  • VASP counterparty verification procedure
  • Unhosted wallet risk assessment and controls
  • Travel Rule solution vendor assessment support
  • Sunrise issue management, jurisdictions not yet compliant
06
Fraud Risk Assessments

Digital asset businesses face a specific and evolving fraud risk landscape. We conduct fraud risk assessments covering the typologies that matter for your business model, APP fraud, account takeover, mule activity, scams, card fraud, and on-chain fraud specific to crypto exchanges and custody services.

  • APP fraud, digital asset specific vectors and controls
  • Account takeover and social engineering risks
  • Mule activity detection and prevention
  • On-chain fraud, mixer usage, chain-hopping, NFT wash trading
  • Fraud control framework design and testing recommendations
Regulatory Basis

The regulations
we work within.

MLRs 2017 (as amended)
Money Laundering Regulations 2017
The primary AML/CTF legislative framework for UK regulated businesses. Covers CDD, EDD, BWRA, record keeping, SAR reporting, MLRo designation, and training requirements.
JMLSG Guidance
Joint Money Laundering Steering Group
FCA-approved sector guidance for AML/CTF compliance. Part II covers cryptoassets and digital asset businesses specifically. The FCA treats compliance with JMLSG guidance as a baseline expectation.
POCA 2002 · TA 2000
Proceeds of Crime Act & Terrorism Act
The underlying criminal statutes for AML/CTF. SAR submission obligations, tipping-off provisions, and the DAML consent regime all flow from POCA 2002.
FCA Reg 2023/1113 (TFR)
Cryptoasset Travel Rule (UK)
UK Travel Rule in force from September 2023. £1,000 threshold for fiat transfers; no de minimis for crypto-to-crypto. VASP counterparty verification required. EU TFR removes all thresholds from December 2024.
FATF Recommendations
FATF R.16 & Virtual Asset Guidance
FATF's Travel Rule (R.16) and updated guidance on virtual assets (2021, updated 2023) set the international standard. UK and EU implementation follows FATF, gaps in FATF alignment will be flagged by the FCA.
MiCA · AMLD6
EU AML Requirements for CASPs
MiCA incorporates AML/CTF obligations for EU CASPs. AMLD6 (transposition deadline 2026) extends predicate offences, criminal liability, and enhanced CDD requirements specifically for crypto-asset businesses.
How We Work

The engagement
model.

01
Current State Review

We review existing AML/KYC documentation, controls, and operations against regulatory requirements. Establishes the baseline and identifies gaps before we begin building.

02
Risk Assessment

We conduct the BWRA, specific to your business model, products, and customer profile. This drives the risk-based calibration of every subsequent policy and control.

03
Framework Build

We design and document the full AML/KYC framework, policies, procedures, CDD standards, transaction monitoring calibration, Travel Rule controls, and MLRo governance.

04
Implementation Support

We support the implementation, board approval, staff training briefings, RegTech vendor integration review, and MLRo on-call support during the embedding period.

FCA Review Ready
AML/KYC frameworks that hold
up when the FCA comes looking.
Request Introduction → Read AML Insights
Related Services
01
Authorisation & Licensing

A compliant AML/KYC programme is a mandatory component of any FCA authorisation application. We build both in a coordinated engagement.
03
Operations & Audit

Independent periodic AML audit to verify the programme is embedded, effective, and current, delivered separately from the team that built it.
04
Legal & Compliance Package

Where a formal legal opinion is required, on token classification or regulatory perimeter, we coordinate with our legal partners alongside the AML build.