Asia Desks · Singapore · Ho Chi Minh 800+ licences delivered · 50+ jurisdictions
Home / Services / AML & Compliance

Post-licence stewardship that keeps you operating.

AMLO manuals, MLRO appointments, transaction-monitoring policy, regulatory reporting, audit interfacing, and capital adequacy filings — the work between filings that defines whether your licence stays usable.

Active licensees
90+
Under ongoing retainer
MLROs placed
36
Permanent + interim
Audits cleared
180+
External AML audits
Findings on first audit
<2
Avg per client
01 — Engagement fit

Where this service
compounds.

We work best with operators who need real, functional AML programmes — not paper compliance. Here is where we deliver — and where we may not be the right call.

Ideal engagement

When we deliver outsized value

Newly licensed operators going live
Operators between licence grant and operational launch who need the AML programme deployed, MLRO appointed, monitoring stack configured, and the first cycle of reporting set up.
Operators under audit or enforcement
Groups in the middle of an external audit, regulator review, or formal enforcement action u2014 where we run the response, manage interactions, and rebuild the programme to address findings.
Compliance officers under pressure
In-house compliance teams who need policy build-out, second-line review, or interim cover during MLRO transitions, expansion, or regulator-imposed remediation deadlines.
Look elsewhere

When we may not be the right fit

Operators wanting compliance theatre
Where the brief is to produce a glossy AML manual with no intention to operationalise it, we are not the right firm. Real audit pressure will surface the gap.
Pure technology compliance tooling
We integrate with transaction-monitoring platforms (Chainalysis, Elliptic, TRM, Coinfirm, ComplyAdvantage) but we are not a software vendor. Operators wanting a tool sold to them should engage one of these directly.
Adversarial regulator-defence-only mandates
We will defend findings in good faith u2014 but engagements premised on resisting legitimate regulator requests do not align with how we work. If your aim is purely combative, another firm is better suited.
02 — What you receive

Concrete
deliverables.

Every compliance engagement is scoped against concrete deliverables. No open-ended retainers without defined scope — each phase of work has a defined output.

Risk-based AML/CFT programme
A jurisdiction-tailored AML manual, customer-risk methodology, transaction-monitoring rule set, sanctions screening framework, and STR/CTR filing procedures u2014 calibrated to your activity, not boilerplate.
MLRO placement & support
Permanent MLRO recruiting, interim MLRO secondment, or co-MLRO support for in-house teams. All MLROs we place hold the appropriate regulator registration and carry direct accountability.
Monitoring stack configuration
Selection, configuration, and rule-tuning across the major transaction-monitoring providers, with calibration documented and version-controlled. Alert-triage workflow set up; false-positive rate measured.
Periodic compliance reporting
Quarterly and annual returns into each licensing regulator, in the format they expect, with consistency across years and across the group. Pre-filing review before any submission.
External audit management
Year-end external AML/CFT audit support: scoping with the auditor, evidence-pack preparation, in-audit response, and findings remediation. We have sat through 180+ external audits and know the recurring patterns.
Regulator interfacing
RFIs, supervisory letters, on-site inspections, and enforcement-action response. We attend meetings, draft responses, and act as the single point of accountability into the regulator throughout.
03 — Engagement cadence

How the work
actually moves.

A typical programme build runs along the phases below. Operators joining mid-enforcement or mid-audit start from the relevant phase.

Programme build

Weeks 1u20144

Draft AMLO manual, policies, procedures, and risk appetite framework aligned to your regulator's expectations.

MLRO & stack deploy

Weeks 4u20148

Appoint MLRO, configure transaction monitoring tools, and calibrate screening thresholds for your business model.

Go-live & first cycle

Weeks 8u201416

Run the first complete SAR/STR reporting cycle with live monitoring oversight and a regulator-ready audit trail.

Ongoing stewardship

Retainer u00b7 ongoing

Retainer-based monthly oversight, regulatory updates, annual programme refresh, and regulator correspondence.

"The licence is the start of a relationship with the regulator — not the end of a project. Year-one stewardship determines the next ten years." — Nina Karim, AML & Compliance Lead
04 — Common questions

Before
we start.

The questions we get on every diagnostic call. If yours isn't here, raise it in the consultation.

Yes. We provide three models: (1) permanent placement u2014 we recruit an MLRO who is hired directly by you, with us supporting through onboarding; (2) interim cover u2014 a GSS Legal partner or senior associate serves as MLRO for a defined period (typically 3u20149 months), useful during transitions, build-out, or expansion; (3) co-MLRO support u2014 we provide second-line review and senior cover behind your in-house MLRO. All three models are jurisdiction-credentialed and carry professional indemnity.
On the blockchain side: Chainalysis, Elliptic, TRM Labs, Coinfirm, and Crystal. On the customer / sanctions side: ComplyAdvantage, Refinitiv World-Check, Sumsub, Onfido, and Sanction Scanner. We are tool-agnostic u2014 the selection is driven by your business model, regulator expectations, and integration constraints. We configure, tune, and document whichever stack you adopt.
Initial programme build is scoped as a fixed-fee package against a defined deliverable set (typically EUR 35Ku2014120K depending on complexity and jurisdictions). Ongoing stewardship is structured as a monthly retainer with capped variable scope. We do not bill by the hour for compliance work u2014 predictability matters more on the operational side than on bespoke transactional work.
Yes. Roughly 15u201420% of our engagements start mid-enforcement: the regulator has issued findings, a Cease & Desist, or a remediation directive. Our approach is to triage the immediate exposure within the first week, build a credible remediation plan, and act as the single interface to the regulator throughout. Outcomes vary by jurisdiction and severity, but in the great majority of engagements the operator emerges with the licence retained and an agreed remediation pathway.
Across the last three years of external AML audits on programmes we deployed from scratch, the average finding count at first audit is under two, with no critical findings on any engagement. The most common medium-severity findings relate to alert-triage backlog and documentation gaps in customer-risk re-rating u2014 both addressable in routine remediation. We measure this internally and publish anonymised numbers because it is the most honest indicator of programme quality.
05 — Adjacent services

Often run
in parallel.

Few engagements sit in isolation. These are the services most often combined with this one in a single mandate.

Banking & EMI / PSP

Lithuanian EMI authorisations, correspondent banking introductions, and EUR/USD settlement rails u2014 the operational layer that makes a licence usable.

EMI PSP Correspondent
Explore

Corporate Formation

Holding structures, group reorganisations, beneficial-ownership disclosure, resident director and substance set-up. The legal vehicles your licence sits inside.

Holdco Substance UBO
Explore

Crypto VASP

VASP registrations and full exchange licences across Singapore, Hong Kong, Lithuania, Estonia, and UAE u2014 chosen against your business model and token profile.

VASP MAS VARA
Explore
Ready when you are

Tell us where
you want to
operate.

Forty-five minutes with a partner. Jurisdiction memo within seven days. No retainer required to start.

Book a consultation Send us a brief
GSS Legal consultation
45 min
First call with a partner.
No retainer required.