Home Compliance
Compliance Framework

Compliant by Design

Monarch operates under the Bank of Ghana PFTSP framework. Our compliance architecture is structural - embedded in how the platform works, not applied as an afterthought.

Regulatory Framework

PFTSP Operating Model

Monarch operates within the Bank of Ghana Payment and Financial Technology Service Providers (PFTSP) framework as a technology and compliance enabler.

This means Monarch is responsible for product development, identity verification, analytics, AML/CFT tooling, partner connectivity, and application monitoring. Regulated payment functions - fiat custody, e-money issuance, settlement processing - remain with licensed bank, DEMI, and PSP partners.

This division is explicit, documented, and enforced in every partner arrangement. Monarch maintains routing maps that clearly define what we do and what each licensed partner does - so that no regulated function is performed without the appropriate authorisation.

🏦
Bank of Ghana PFTSP
Primary regulatory framework
ACFCC
ACFCC
Action Committee for Crypto Clarity
📋
Partner Routing Maps
Explicit division of regulated functions
🔒
Structural Compliance
Controls built into execution, not applied after

Risk Management Framework

Regulatory Scope Risk

Maintained through explicit routing maps showing what Monarch does and what each licensed partner does. Updated whenever a new product or partner is added.

Consumer Misunderstanding Risk

Plain-language disclosures for every token type: purpose, rights, limits, fees, transferability conditions, and dispute handling - in language customers can understand.

Technology & Cyber Risk

Layered controls, regular testing, vendor oversight, incident response readiness, and business continuity planning - tested and evidenced, not theoretical.

Financial Crime Risk

Combined onboarding controls, ongoing transaction monitoring, escalation workflows, and partner coordination for suspicious activity and account interventions.

Data Protection Risk

Permissioned sharing, retention limits, encryption at rest and in transit, and case-based access governance - enforced at the platform layer.

Identity & Financial Crime

KYC, AML/CFT & Fraud Management

🆔

KYC / CDD

Identity capture, document verification, biometric checks, sanctions screening, and PEP checks - calibrated to user type and activity risk tier. Enhanced due diligence applied where warranted.

📊

Risk Tiering

Each user receives an initial risk profile based on onboarding data. Risk tier determines access scope, monitoring intensity, and approval thresholds - proportionate and documented.

🔍

Transaction Monitoring

Rules-based monitoring against defined scenarios and thresholds, with alert review, case management, escalation procedures, and partner coordination obligations.

🚨

Suspicious Activity

Defined case workflows for suspicious activity identification, review, decision, escalation, and - where required - reporting to relevant authorities in accordance with applicable law.

🔄

Ongoing Monitoring

Periodic reviews of user risk profiles, activity patterns, and partner transaction flows - ensuring the compliance picture remains current as behavior and risk evolve.

📁

Audit Evidence

Complete audit trails for onboarding decisions, risk tier changes, monitoring alerts, case outcomes, and control exceptions - maintained and accessible to authorized reviewers.

User Category Minimum Onboarding Enhanced Triggers Monitoring Approach
Individual Consumer Ghana Card, contact details, liveness check High-value activity, PEP status, adverse media Standard automated monitoring
SME / Business Business registration, ownership structure, director identity Complex ownership, high-risk sector, large volumes Enhanced monitoring, periodic review
Commodity Participant Entity verification, sector credentials, warehouse or cooperative membership Cross-border flows, new counterparties, unusual batch values Activity-linked monitoring
Carbon / Project Operator Project documentation, methodology, verification body identity Project scope changes, new investor involvement Milestone-linked review
Institutional Partner Regulatory status verification, key person identity, operating model review Scope expansion, new customer segments, regulatory changes Annual review plus event-triggered
Governance

Operations & Internal Controls

👔

Board & Executive Management

Approve strategic direction, risk appetite, major vendor relationships, and policy framework. Responsible for ensuring the operating model remains within regulatory scope.

📋

Compliance Function

Owns KYC/CDD, AML/CFT governance, regulatory engagement, and complaint handling standards. Independent reporting line to the board. Maintains the policy framework and audit evidence.

🔧

Technology & Security

Owns platform architecture, resilience, identity and access controls, application security, and secure development practices. Responsible for incident response and vendor oversight.

⚙️

Operations

Owns customer support, onboarding quality, exception processing, reporting, and partner coordination. Ensures that compliance decisions translate into operational outcomes.

Internal Control Priorities

Fund Separation

Company funds are separated from partner-managed customer funds and partner-routed settlement flows - maintained and evidenced as a core operating requirement.

Formal Policy Framework

Documented policies covering vendor risk, access control, data protection, incident response, complaints, and business continuity - reviewed annually and on material events.

Management Reporting

Regular management reporting combining customer metrics, partner metrics, compliance metrics, and system resilience metrics - informing board risk oversight.

Approval Thresholds

Documented approval thresholds for new applications, token types, partner integrations, and market launches - preventing scope creep without proper review.

Consumer Protection

Your Rights as a Platform User

📢

Plain-Language Disclosures

Every token type is accompanied by clear disclosures: what it represents, what rights it carries, how it can be transferred, what fees apply, when it expires, and how disputes are handled.

💬

Multi-Channel Complaints

Multiple channels for complaint submission: in-app, email, and phone. Every complaint receives a reference number, documented triage, status updates, and a defined resolution timeline.

⚖️

Escalation & Appeal

Where a complaint cannot be resolved at first line, a formal escalation and appeal process is available - including for tokenized workflow disputes, permissions disputes, and records visibility concerns.

🔐

Data Control

Users control what data is shared with which partners, for what purpose, and for how long. The permissions model prevents insecure credential sharing while maintaining a full audit trail of sharing events.

📊

Transparent Fees

All fees - transaction fees, subscription tiers, issuance fees - are disclosed before users commit to any action. No hidden charges, no retroactive fee changes without prior notice.

🛡️

Security Standards

MFA on all accounts, encryption of personal and financial data, secure development practices, regular security testing, and incident response procedures - maintained and regularly reviewed.

Questions About Our Compliance Framework?

Regulatory counterparties, partner institutions, and potential customers are welcome to request further information about our operating model and compliance posture.

Contact Compliance About Monarch