Westport · Luzern Contact →
Program Build-outs — de Risk Partners

Program Build-outs.

New license, new product, new market — we design and stand up the compliance program from scratch. Policies, procedures, controls, training, and testing — ready for the first regulator visit.

90d
Minimum viable program. Charter-ready policies, procedures, and controls within one quarter.
6mo
Examination-ready. Tested, trained, and documented — built to defend the first regulator visit.
12mo
Scale-ready. Operating model and metrics in place to support growth without re-platforming.
01 — What We Build

A complete compliance program. End to end.

— The stack, visualised
BOARD & SENIOR MANAGEMENT LAYER 05 — GOVERNANCE Board oversight · Committees · Three lines of defence · Reporting LAYER 04 — POLICIES & PROCEDURES BSA · OFAC · KYC · UDAAP · Reg E / Z · CRA · Privacy · Vendor Risk LAYER 03 — CONTROLS & MONITORING Risk assessment · Control library · TM rules · Sanctions · QA / QC LAYER 02 — OPERATIONS Onboarding · Alert ops · Investigations · SAR / CTR · Reporting · MI LAYER 01 — PEOPLE, TRAINING & CULTURE Org design · Role descriptions · Training curriculum · Attestations REGULATOR · EXAMINATION-READY DEFENSIBLE BY DESIGN
01 · Governance

Board, Committees, & Reporting.

Charter documents, committee structures, reporting cadences, escalation paths, and management information frameworks. Three lines of defence by construction — not retrofit.

Charter Docs · Committee Mandates · MI Pack
02 · Policies

Policies & Procedures.

BSA / AML, OFAC, KYC / CDD, UDAAP, Reg E / Z, fair lending, CRA, third-party risk, privacy, and consumer compliance — full library, drafted to your specific risk profile.

25 – 40 Policies · SOPs · Approval Workflow
03 · Controls

Controls & Monitoring.

Enterprise risk assessment, control library mapped to regulations, transaction monitoring rules, sanctions screening configuration, and QA programs. Auditable by construction.

ERA · Control Library · TM & Sanctions Tuning
04 · Operations

Operations & Run-the-Bank.

Onboarding workflow, alert operations, investigations, SAR / CTR drafting, regulatory reporting cadence, and operational metrics. Built for day-one volume and Year-3 scale.

Workflow · SOPs · MI · Capacity Plan
05 · People

People, Training & Culture.

Org design, role descriptions, hiring criteria, training curriculum, certification cycles, and attestation frameworks. Compliance culture in the architecture — not on a poster.

Org Chart · JDs · Training · Attestations
06 · Technology

Technology & Data.

Vendor selection (TM, sanctions, KYC, case management), implementation, data architecture, and integration. AI-ready foundations for future automation.

Vendor Selection · Integration · Data Model
02 — When We Build

Five moments where a program has to exist.

01
New Charter or License
De novo bank, ILC, credit union, money transmitter, trust company, or VASP licence applications — full program built to the application standard.
02
BaaS & Sponsorship Launch
Sponsor bank programs, fintech sponsorship oversight frameworks, and BaaS operating models that survive OCC and FDIC scrutiny.
03
New Product or Service
Crypto custody, stablecoins, lending products, embedded finance, B2B payments — compliance program designed for the product, not retrofitted.
04
New Geography Entry
US firm entering EU; Swiss firm entering US; GCC entrants needing dual-regulator compliance — local programs that satisfy local supervisors.
05
Pre-Funding & Diligence-Ready
Series B+ fintechs preparing for compliance diligence from investors, acquirers, or sponsor banks — program built to pass scrutiny.
03 — How We Deliver

Three phases. One operating model at the end.

01

Design.

0 – 60 Days

Business model decomposed into compliance requirements. Risk assessment, target operating model, policy framework, control library, and technology architecture defined. The blueprint is signed off by the board before construction begins.

Day 60Blueprint approved.
02

Build.

60 – 180 Days

Policies and procedures drafted, controls implemented, technology configured, training developed, and operations stood up. Every artefact is built to evidence — defensible at examination from day one.

Day 180Program operational.
03

Embed & Hand-Over.

180 – 365 Days

Program runs under our oversight while your team scales. Examination dry-runs, control testing, regulator engagement, and progressive transfer of accountability. We leave you with a program your team owns — and a regulator who knows your name.

Day 365Ownership transferred.
04 — Proof

What a build-out looks like at first examination.

A de novo digital asset firm cleared its first FINMA examination with no findings — twelve months from charter, fourteen people on staff.
Illustrative engagement — Digital Asset Firm (Switzerland)
Full Program Build · FINMA Licensing · Operational Stand-up
— Building Something New?

From blank page to examination-ready.

A 30-minute call with a partner. We'll walk through the licence, product, or market you're building toward — and what good looks like for the first regulator visit.

Talk to a Partner Read the Insights
de Risk Partners — Footer Component