KYCifi combines specialist AML, KYC and virtual asset compliance expertise with intelligent technology, so your VASP onboards and monitors customers in line with regulatory expectations, with a defensible decision on every customer.
Virtual asset customers move fast, across borders, through wallets. Every relationship must be understood, evidenced and monitored to a regulator’s standard.
Complex profiles and opaque structures demand proportionate, documented enhanced scrutiny.
Customers and funds span jurisdictions, each with its own risk and obligations.
Customers, wallets and counterparties must be screened, with strict-liability stakes.
Politically exposed persons and associates require identification and ongoing management.
Establishing and evidencing the origin of customer funds, on-chain and off.
Risk is not static; relationships must be re-screened and reviewed over time.
Supervisors expect a defensible, consistent decision on every customer.
Every onboarding and review must be evidenced and retained for inspection.
Every customer runs the same disciplined way, so due diligence is consistent, evidenced and defensible across the business.
Capture individual or corporate customer details; the right CDD path is set from the start.
IntakeCustomer identity and, for entities, beneficial ownership verified to regulatory standard.
ID · UBOCustomer, product, geography and channel risk weighed into a documented rating.
Risk ratingSanctions, PEP, adverse media and wallet exposure screened and adjudicated.
ScreeningStandard or enhanced due diligence applied, with investigation where risk demands it.
CDD · EDDA documented onboarding decision, with escalation and senior referral where it matters.
MLRO decisionRe-screening, trigger reviews and periodic refresh as the customer and risk evolve.
OngoingKYCifi is, first, a specialist AML and KYC practice with deep virtual asset experience. A screening hit, a wallet flag or a complex structure is investigated and judged by financial crime specialists who have made these calls inside Big Four firms and banks, not simply passed or failed.
Our practitioners lead every review. LÆdar, our intelligence platform, does the legwork behind them, so judgement stays with the people, and the customer file is built as they work.
Defensible, audit-ready outputs for every customer, built to the standard supervisors expect.
A documented customer risk rating with a clear, per-factor rationale.
A complete customer due diligence review for standard-risk relationships.
Enhanced due diligence with investigation for higher-risk customers.
Sanctions, PEP, adverse media and wallet results with adjudication rationale.
The ownership and control structure behind corporate customers.
Documented escalation and senior referral decisions for flagged relationships.
Ongoing monitoring, re-screening and trigger-review records over the relationship.
A complete evidence file and audit trail, ready for supervisory inspection.
From exchanges to OTC desks, KYCifi scales customer due diligence capability without adding headcount.
See how KYCifi combines specialist compliance expertise and intelligent technology to support virtual asset businesses.
Questions? Contact contact@kycifi.com
Complete this workflow for every VASP customer onboarding. Covers individual and institutional clients, wallet screening, transaction risk, and Travel Rule compliance. Aligned to PVARA NOC Regulations 2025 and Virtual Assets Act 2026.
Record your firm, the responsible officers, and the nature of the customer relationship being assessed. These details calibrate the risk assessment throughout the workflow and appear on the final CDD record.
Institutional VASP Client. Enhanced due diligence required. Verify their own PVARA NOC/licence status. VASP-to-VASP relationships carry elevated ML/TF/PF risk under FATF Recommendation 16. Obtain copies of their AML policies and relevant licences before onboarding.
NPO / Charity Client. NPO/charity clients are identified as higher risk under FATF Recommendation 8. Enhanced scrutiny of funding sources and beneficial control is required. Obtain governing documents, trustee lists, and evidence of registered charitable status.
High Volume Transaction. Estimated monthly volume exceeds PKR 1,000,000. Enhanced source of funds documentation is required under NOC Regulations 2025. Ensure payslips, bank statements, or business accounts are obtained and verified before completing onboarding.
Record identity details for all customers and ultimate beneficial owners. Up to 3 customers or UBOs can be added. Fields adapt based on the customer type selected in Step 1.
Record the virtual asset types involved, wallet provenance, blockchain analytics screening results, and transaction-level risk indicators.
Privacy coin identified. These assets are designed to obscure transaction trails and pose a materially higher ML/TF risk. Enhanced due diligence is required. Document your risk rationale explicitly and obtain senior management approval before proceeding.
NFTs and digital collectibles carry elevated market manipulation and wash-trading risk. Verify the platform of origin and the economic rationale for valuations. Check whether the NFT is exchange-listed or OTC.
Self-hosted wallet identified. Under PVARA NOC Regulations 2025, additional verification of wallet ownership is required. Consider applying the Travel Rule and document the rationale for accepting or declining the counterparty wallet.
High-risk counterparty exposure flagged. Apply enhanced due diligence. Document the nature of the exposure, the percentage of funds affected, and your risk mitigation rationale before proceeding.
Mixer, tumbler, or coin-join exposure detected. This is a strong indicator of deliberate obfuscation and a red flag under FATF guidance. Do not proceed without senior compliance officer review. Consider filing a Suspicious Transaction Report (STR) via goAML.
Darknet market exposure detected. This represents a critical ML/TF red flag. Do not proceed. Escalate immediately to the MLRO and consider an STR filing via goAML. Preserve all records.
Sanctioned address exposure identified. This may constitute a breach of international sanctions obligations. Freeze any pending transaction immediately. Notify the MLRO and seek legal counsel. Do not inform the customer (tipping-off prohibition applies).
Cross-border transaction identified. Travel Rule obligations may apply. Verify whether the originating or beneficiary VASP is registered and whether IBAN/account details are available. Document your Travel Rule compliance assessment.
One or more red flags identified. Depending on the combination and severity, a Suspicious Transaction Report (STR) may be required. STRs must be filed with the Financial Monitoring Unit (FMU) via the goAML portal within the timeframe prescribed under the AML/CFT Act 2010. Do not inform the customer.
Document the origin of funds used in this relationship and, where required, the source of the customer's overall wealth. Enhanced sections appear automatically based on customer type and service type from Step 1.
Loan proceeds declared as source of funds. Obtain details of the lender, loan agreement, and confirm the loan is from a legitimate financial institution. Crypto-backed loans require additional scrutiny on collateral origin.
Inheritance or gift declared. Obtain probate documentation, a letter of administration, or a gift letter as appropriate. Consider the relationship between donor and recipient and any cross-border element.
No documentary evidence obtained. This is a significant CDD gap. Under PVARA NOC Regulations 2025, documentary verification of source of funds is required for all customers. Record the reason for non-collection and obtain sign-off from the compliance officer before proceeding.
Minor inconsistency noted. Document the explanation clearly in the notes field below. Retain any supporting clarification provided by the customer.
Significant inconsistency identified. Escalate to the compliance officer before proceeding. Request additional documentation from the customer and record all findings in writing.
Unexplained funds identified. This is a primary ML/TF red flag. Do not proceed with onboarding. Consider filing a Suspicious Transaction Report (STR) via the FMU goAML portal. Do not inform the customer (tipping-off prohibition applies under AML/CFT Act 2010).
No source of wealth documentation obtained. For HNWI, PEP, and corporate customers, documentary evidence of overall wealth is required under enhanced due diligence standards. Record the reason and obtain compliance officer approval.
High-value remittance. Transactions exceeding PKR 1,000,000 require enhanced source of funds verification and may trigger Currency Transaction Report (CTR) obligations. Document the economic rationale.
Remittance destination is an FATF grey or blacklisted jurisdiction. Enhanced due diligence is required. Verify the purpose and beneficiary relationship carefully and document your risk rationale.
Record the results of all mandatory screening checks. Each customer must be screened against NACTA and international sanctions lists. Complete all sections before generating the plausibility assessment.
Screen each customer against the National Counter Terrorism Authority (NACTA) proscribed organisations list. A confirmed match triggers mandatory Counter Proliferation Financing (CPF) escalation obligations.
Possible sanctions match identified. Do not proceed until a full name, date of birth, and identifier check has been completed against the relevant list. Document the result of your false positive determination before continuing.
Confirmed international sanctions match. Freeze any pending transaction immediately. Do not proceed with this relationship. Notify the MLRO and seek legal advice. Do not disclose to the customer (tipping-off prohibition applies). File an STR via the FMU goAML portal and notify the relevant sanctions authority.
Possible PEP match. Verify against primary identifiers. If confirmed, enhanced due diligence and ongoing monitoring are required under FATF Recommendation 12. Record your determination.
Confirmed PEP. Senior management approval is required before onboarding or continuing this relationship. Apply enhanced due diligence and document the source of wealth fully. Ongoing monitoring must be intensified.
Unverified adverse media results. Document the nature of the articles found, their credibility, and the relevance to financial crime risk. Record your assessment of materiality.
Significant adverse media findings. Escalate to the compliance officer. Consider whether the findings constitute a red flag warranting an STR. Do not proceed without documented risk assessment sign-off.
The assessment engine reviews all data entered across Steps 1 to 5 and generates a structured plausibility narrative, per-customer risk assessments, and recommended next steps. The output is fully editable.
Complete the screening sections above, then generate the assessment.
The risk score is calculated automatically from all prior steps. Review the factor breakdown, record the compliance decision, and complete the officer declaration before generating the CDD record.
Scores recalculate automatically. Navigate back to any step to change inputs. Thresholds: 0–3 Standard CDD • 4–8 Enhanced Due Diligence • 9–14 High Risk • 15+ Automatic Escalation.
Onboarding refused. Consider whether the circumstances that led to refusal warrant a Suspicious Transaction Report (STR) via the FMU goAML portal. Do not inform the customer of any STR filing (tipping-off prohibition under AML/CFT Act 2010).
STR or CPF filing recorded. Ensure the report has been submitted via the Financial Monitoring Unit (FMU) goAML portal. Do not inform the customer of the filing. Retain a copy of the submission reference in the case file.
Score 15 or above. Senior management approval is mandatory before any decision can be finalised. Document the approver's name, designation, and the basis for the decision.
The declaration checkbox must be ticked and the officer name entered before this assessment can be finalised.
Review the complete summary of this assessment below, then download the audit-ready PDF record. The document is formatted for retention on your compliance file.