Project Overview
A UK company registered with the FCA as a cryptoasset business (under MLRs 2017 Schedule 7A) wanted to build a...
Technology Stack
Compliance & Standards
The Challenge
A UK company registered with the FCA as a cryptoasset business (under MLRs 2017 Schedule 7A) wanted to build a digital asset custody and trading platform. FCA crypto registration obligations (AML/KYC, travel rule), UK GDPR, Cyber Essentials Plus, and a secure multi-signature custody architecture were the primary requirements. The platform would hold customer digital assets — security was the paramount concern. Budget: £130,000.
Our Approach
Secure Custody Architecture
- Multi-signature (MultiSig) custody: customer assets held in multi-sig wallets requiring m-of-n signatures before withdrawal.
- Hot wallet (online, small balance for instant liquidity) / cold wallet (offline, hardware security module — 95% of assets) separation.
- Air-gapped signing ceremony: withdrawal from cold wallet requires physical access to hardware HSM with dual-person authentication.
MLRs 2017 Schedule 7A
- cryptoasset exchange and custodian wallet providers must implement full AML/KYC.
- Electronic ID verification (
Onfido
- passport + selfie), PEP/sanctions screening (Dow Jones), source of funds declaration for high-value transactions.
- FATF Travel Rule (applicable above EUR 1,000 threshold): originator and beneficiary information sent with transfers between VASPs.
- VASP counterparty screening.
- On-
Chain Transaction Monitoring
- Blockchain analytics (Chainalysis API): transaction risk scoring, OFAC/HM Treasury sanctions screening of wallet addresses, dark web marketplace exposure, mixer/tumbler detection.
- High-risk transaction flags: manual compliance review before execution.
FCA crypto AML
- suspicious activity reporting to HMRC (not NCA, for cryptoasset businesses under MLRs 2017 Schedule 7A).
- UK GDPR and Crypto-
Blockchain transparency vs GDPR
public blockchain transactions are pseudonymous (wallet address not name) — personal data is the link between wallet address and customer identity (held off-chain).
UK GDPR basis
contract performance.
Right to erasure
cannot delete on-chain transactions (immutable) but customer identity link can be deleted from off-chain databases.
The Results
Platform live at 16 weeks, £122,000 — under budget.
FCA inspection at 6 months: AML/KYC procedures commended.
FATF Travel Rule: 100% compliance on qualifying transfers.
Blockchain analytics: 4 high-risk transactions flagged and blocked in first 3 months.
Cyber Essentials Plus: certified at launch.
Zero security incidents in 12 months of operation.
Customer assets under custody: £4.2M at month 6.
“The FCA inspection was the most thorough compliance review I have experienced in 12 years of financial services. The AML procedures were specifically commended. The blockchain analytics blocked four high-risk transactions in three months — real criminal activity that we did not complete." — Compliance Director, UK Crypto Asset Platform (name withheld)”
Project Details
Related Case Studies
View AllOpen Banking AISP Platform for UK FinTech Startup
Open Banking AISP Platform for UK FinTech Startup. A UK FinTech startup needed to build an FCA-authorised Account Information Service Provider (AISP) platform that could a...
AI-Powered Customer Service Platform — UK FinTech
A UK FinTech company with 180,000 customers was spending £840,000/year on a 45-person customer service team, p...
Digital Banking Platform MVP — UK Challenger Bank
A UK challenger bank startup had received FCA authorisation with restriction (they could accept deposits but n...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.