Eight practice areas covering the full lifecycle of a regulated financial business: from license to operate, to running a defensible compliance program, to passing the diligence of a correspondent bank or institutional counterparty.
End-to-end financial crime programs designed against FATF Recommendations, sectoral guidance and the supervisory expectations of the jurisdictions where you operate or seek to operate.
Enterprise-wide and business-line BSA/AML risk assessments using risk-based methodology aligned with FATF and supervisory guidance.
Drafting and refresh of AML/CFT policy, KYC/KYB, EDD, sanctions, PEP, source of funds/wealth and customer risk-rating procedures.
CDD/EDD frameworks for retail, institutional and high-risk customer segments — including beneficial ownership and SoW/SoF protocols.
Drafting, review and submission protocols for suspicious activity, transaction and threshold reporting across multiple supervisors.
Role-based AML/CFT training programs for board, executive, compliance, operations and front-line staff, with attendance and comprehension tracking.
Know-Your-Transaction frameworks for digital asset operators — covering wallet attribution, exposure scoring, chain analytics integration, rule calibration and case management workflows.
Integration with chain analytics providers for source/destination attribution, cluster identification and beneficial-owner inference.
Wallet, counterparty and transaction-level scoring with calibrated thresholds and exception-based review queues.
OFAC SDN, UN, EU and UK consolidated lists applied at deposit, withdrawal and counterparty level.
Periodic rule-tuning, false-positive analysis and effectiveness testing — evidence packaged for supervisory review.
FATF Recommendation 16 implementation for VASPs — covering protocol selection, counterparty due diligence (Sunrise Issue management), data quality, jurisdictional thresholds and supervisory reporting.
TRP, IVMS101, OpenVASP, Sumsub Travel Rule, Notabene, Veriscope — selection and integration aligned with counterparty network.
Per-jurisdiction threshold logic (USD 1,000 / 3,000 / EUR 1,000 / local equivalents) with audit trail.
Sunrise Issue management — risk-based diligence on non-compliant counterparty jurisdictions.
Verification protocols and risk-based handling of transfers to/from non-custodial wallets.
Legal opinions, structuring, licensing readiness and ongoing regulatory navigation for digital asset businesses operating across multiple jurisdictions.
Token classification, regulatory characterization, operational legality and cross-border opinions delivered to the standard expected by institutional counterparties.
Jurisdictional fit, entity selection, application drafting, regulator interaction and post-license obligations for VASP, PSP, MSB, e-money and banking licenses.
Multi-jurisdiction entity architecture, regulatory perimeter mapping, passport rights, host/home supervision and substance requirements.
Mutual evaluation readiness, technical compliance review and effectiveness self-assessments against the 40 Recommendations.
Side-by-side comparison of home, host and counterparty jurisdiction frameworks with prioritized remediation paths.
Policy & procedure framework, governance documentation, board materials and counterparty packs.
From jurisdictional selection through application, license issuance and ongoing supervisory obligations. We support VASP applicants across multiple regimes with the documentation depth supervisors expect.
Independent testing and assurance designed to meet the standards of Tier-1 correspondent banks, fund administrators and supervisory examinations.
Annual independent testing of AML/CFT program effectiveness across design, implementation and operational performance.
Quantitative review of transaction monitoring rule performance, alert quality and case management throughput.
Real-time and batch screening control testing across customer onboarding, transaction screening and counterparty review.
Board composition, committee structure, three-lines model and reporting cadence assessment against international standards.
Process risk mapping, key risk indicators, incident management and operational resilience against ISO 31000 / 22301.
Findings-to-closure remediation program management — root cause, design, implementation and validation.
When a Tier-1 correspondent bank, custodian or fund administrator opens diligence on your operation, what they find should answer their questions before they're asked. Mercantil packages your operation to that standard.
Wolfsberg CBDDQ and ancillary DDQ drafting, evidence collection and Q&A management.
Data-room construction, narrative documentation and counterparty-grade compliance packs.
Annual and event-driven counterparty refresh cycles managed end-to-end.
Treasury workflows, settlement governance, regulatory reporting and operational resilience designed for institutional throughput and supervisory defensibility.
Reconciliation, custody segregation, settlement and treasury operations design.
SAR/STR, CTR, large-value, threshold and supervisory return automation.
Three-lines escalation paths, materiality thresholds and board reporting cadence.
BCP / DR, third-party risk, cyber incident response — ISO 22301 alignment.
Mercantil's practice is built around the operational reality of regulated digital asset businesses — each sector has its own risk profile, supervisory exposure and counterparty expectations.
Centralized exchanges, retail brokerages and institutional venues — licensing, listing, custody and operational compliance.
OTC operators — counterparty diligence, settlement risk, large-trade reporting and correspondent relationships.
Payment service providers, money service businesses — licensing across U.S. states, EU PSD2 / EMI, and LATAM regimes.
Digital banking license readiness, banking-as-a-service compliance, and core banking operational frameworks.
Corridor compliance, FX licensing, sender/recipient verification at scale, sanctions and screening orchestration.
Issuer compliance, reserve attestations, redemption controls, MiCA EMT/ART and U.S. stablecoin framework readiness.