Project Overview
A UK FCA-registered Cryptoasset Business (registered under the Money Laundering Regulations 2017 for cryptoass...
Technology Stack
Compliance & Standards
The Challenge
A UK FCA-registered Cryptoasset Business (registered under the Money Laundering Regulations 2017 for cryptoassets) with 48,000 users and £240M average monthly trading volume needed to rebuild their legacy trading platform — replacing a PHP 5.6 monolith with a modern, compliant, high-performance platform. FCA Cryptoasset Registration (MLRs 2017), FCA Financial Promotions regime for cryptoassets (January 2024), UK GDPR, AML/CTF (Sanction screening, SAR filing), PCI-DSS (GBP deposit/withdrawal), and FCA Consumer Duty (consumer protection for retail crypto investors) were mandatory. Budget: £160,000.
Our Approach
FCA Cryptoasset Compliance Architecture
- FCA Cryptoasset Registration (MLRs 2017): registered as a cryptoasset exchange provider.
- FCA Financial Promotions (January 2024): crypto promotions must include risk warning ("Don't invest unless you're prepared to lose all the money you invest"), 24-hour cooling-off period for new customers, personalised risk warning based on self-assessed knowledge.
FCA Consumer Duty
"appropriate risk warnings are a cornerstone of crypto Consumer Duty compliance."
Platform
compliance prompts on every transaction, risk warning on every login for retail customers, prominent "crypto is high risk, unregulated" messaging.
AML/CTF for crypto
- Transaction Monitoring (rule-based + ML alerts), Customer Due Diligence (CDD — enhanced due diligence above £1,000 daily transaction threshold), Sanctions Screening (OFAC, OFSI, UN Consolidated List — screened on every deposit/withdrawal), and Suspicious Activity Reporting (SAR — automated SAR draft when TM alert confirmed).
- Travel Rule (Crypto Travel Rule — UK implementation June 2023): transfers above 1,000 EUR/equivalent require originator and beneficiary information (VASP-to-VASP transfers).
ComplyAdvantage API
- real-time sanctions and PEP screening.
- High-
Crypto trading order book
limit orders and market orders.
Order matching engine
Node.js with in-memory order book (BTree sorted structure — price/time priority matching).
Performance target
10,000 orders/second (peak trading during market volatility).
Redis sorted sets
real-time order book publication (bid/ask spread published via WebSocket to all connected clients within 50ms of order event).
PostgreSQL
trade history, executed orders, user balances — append-only event log (no order updates, only new events).
Reconciliation
hourly balance reconciliation (sum of all user balances from event log vs total custodied assets).
Crypto custody
hot wallet (Fireblocks API — MPC-based custody) for immediate withdrawals (up to daily limit), cold wallet (Ledger Enterprise — hardware security module) for bulk storage (95% of assets).
Withdrawal workflow
user requests withdrawal → AML screening → cooling-off period (24 hours for amounts above £5,000) → senior compliance officer approval above £50,000 → Fireblocks hot wallet withdrawal (instant) or cold wallet transfer (1 business day).
Whitelist addresses
user can only withdraw to KYC-verified addresses (reduces theft risk). 2
FA mandatory
TOTP required for all withdrawals.
The Results
FCA Financial Promotions compliance confirmed.
Platform live at 22 weeks, £148,000 — under budget.
FCA MLRs 2017 registration maintained (no remedial action from FCA supervisory engagement). 48,000 users migrated zero downtime.
Order matching throughput: 12,400 orders/second sustained (vs target 10,000).
Financial Promotions: 100% compliant (24-hour cooling-off, risk warnings, personalisation).
AML alerts: automated (previously manual review).
Travel Rule: 98.4% automated compliance.
FCA Consumer Duty review: confirmed compliant.
“FCA supervisory engagement with zero remedial action required — in the current FCA crypto enforcement environment, that is the outcome that matters most. 12,400 orders/second. Travel Rule 98.4% automated. Financial Promotions 100% compliant including 24-hour cooling-off. 48,000 users migrated zero downtime from a PHP 5.6 monolith. FCA Consumer Duty confirmed. ClickMasters understood FCA crypto regulation in a way that very few development partners do." — CEO, UK Crypto Exchange (name withheld)”
Project Details
Related Case Studies
View AllOpen Banking AISP Platform for UK FinTech Startup
Open Banking AISP Platform for UK FinTech Startup. A UK FinTech startup needed to build an FCA-authorised Account Information Service Provider (AISP) platform that could a...
AI-Powered Customer Service Platform — UK FinTech
A UK FinTech company with 180,000 customers was spending £840,000/year on a 45-person customer service team, p...
Digital Banking Platform MVP — UK Challenger Bank
A UK challenger bank startup had received FCA authorisation with restriction (they could accept deposits but n...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.