
Brokerage Compliance Guide — AML, KYC & Regulatory Obligations

A practical breakdown of every compliance requirement a licensed forex or crypto broker must meet — and how technology helps automate the most burdensome parts.

Know Your Customer (KYC)

KYC is the foundation of brokerage compliance. Before a client can deposit and trade, you must verify their identity at a level appropriate to their account tier and jurisdiction.

KYC Tiers

  • Tier 1 (Basic) — Email verified, phone number confirmed. Allows limited no-deposit exploration only.
  • Tier 2 (Standard) — Government photo ID (passport, national ID card) and proof of address (utility bill, bank statement dated within 3 months). Required before first deposit in most jurisdictions.
  • Tier 3 (Enhanced Due Diligence) — Source of funds declaration, additional ID documents, and potentially a video verification call. Required for high-value accounts (typically above a $10,000–$25,000 deposit threshold) or for PEPs and clients from high-risk countries.

Anti-Money Laundering (AML)

AML obligations require brokers to monitor client transaction behaviour and report suspicious activity to the relevant financial intelligence unit (FIU).

  • Transaction Monitoring — Alerts when deposits exceed thresholds (e.g. $3,000+ cash equivalent) or unusual patterns emerge (structured deposits, rapid withdrawal after deposit without trading).
  • PEP Screening — All new clients are screened against PEP databases. PEPs require enhanced due diligence.
  • Sanctions Screening — Clients must be screened against OFAC, EU, UN and other sanctions lists. Clients from sanctioned countries or on sanctions lists must be rejected.
  • Suspicious Activity Reports (SARs) — If a compliance officer identifies a transaction or pattern suggesting money laundering, a SAR must be filed with the jurisdiction's FIU.
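An added example, not CTATech's code, showing how the three monitoring rules listed above can be applied to a constructed set of account transactions. The $3,000 deposit figure is the guide's; the 24-hour structuring window and 48-hour rapid-withdrawal window are assumed placeholders a compliance officer would tune.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Thresholds are assumptions for this example: the guide names the $3,000 deposit
# figure; the two time windows are placeholders a compliance officer would tune.
DEPOSIT_THRESHOLD = 3000.0
STRUCTURING_WINDOW = timedelta(hours=24)
RAPID_WITHDRAWAL_WINDOW = timedelta(hours=48)
# kind is "deposit", "withdrawal" or "trade"; amount is USD-equivalent (0 for trades)
Tx = namedtuple("Tx", "account kind amount ts")

def monitor(txs):
    """Return (account, rule) alerts for the three patterns the guide lists."""
    alerts, by_acct = [], {}
    for tx in sorted(txs, key=lambda t: t.ts):
        by_acct.setdefault(tx.account, []).append(tx)
    for acct, hist in by_acct.items():
        deposits = [t for t in hist if t.kind == "deposit"]
        # Rule 1: any single deposit at or above the reporting threshold.
        if any(d.amount >= DEPOSIT_THRESHOLD for d in deposits):
            alerts.append((acct, "threshold_deposit"))
        # Rule 2: structuring - several sub-threshold deposits in one window whose total crosses it.
        for i, d in enumerate(deposits):
            window = [x for x in deposits[i:] if x.ts - d.ts <= STRUCTURING_WINDOW]
            if (len(window) > 1 and all(x.amount < DEPOSIT_THRESHOLD for x in window)
                    and sum(x.amount for x in window) >= DEPOSIT_THRESHOLD):
                alerts.append((acct, "structuring"))
                break
        # Rule 3: withdrawal soon after a deposit with no trade in between.
        last_dep = None
        for t in hist:
            if t.kind == "deposit":
                last_dep = t
            elif t.kind == "trade":
                last_dep = None
            elif last_dep is not None and t.ts - last_dep.ts <= RAPID_WITHDRAWAL_WINDOW:
                alerts.append((acct, "rapid_withdrawal_no_trading"))
                break
    return alerts

# Constructed sample: A1 large deposit, A2 structured deposits, A3 deposit then
# withdrawal without trading, A4 deposit, trade, then withdrawal (no alert expected).
T0 = datetime(2024, 1, 1, 9, 0)
H = lambda n: T0 + timedelta(hours=n)
SAMPLE = [
    Tx("A1", "deposit", 5000, T0),
    Tx("A2", "deposit", 1500, T0), Tx("A2", "deposit", 1200, H(5)), Tx("A2", "deposit", 900, H(10)),
    Tx("A3", "deposit", 2000, T0), Tx("A3", "withdrawal", 1900, H(6)),
    Tx("A4", "deposit", 2000, T0), Tx("A4", "trade", 0, H(1)), Tx("A4", "withdrawal", 500, H(6)),
]
```

Each alert is a case for a compliance officer to review, not an automatic SAR; the rules are deliberately simple so the tuned thresholds stay explainable to a regulator.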

Client Categorisation & Suitability

In regulated jurisdictions (particularly EU/EEA), clients must be categorised before they can trade:

  • Retail Client — Maximum regulatory protection (leverage limits, risk warnings, best execution obligations).
  • Professional Client — Reduced protection, higher leverage available. Requires the client to meet two of three criteria: relevant experience, a large portfolio, a professional financial role.
  • Suitability Assessment — Retail clients must complete a questionnaire assessing trading knowledge and experience. If the product is deemed unsuitable, the broker must warn the client prominently before allowing trading.

Data Protection & Privacy

  • Publish a privacy policy at registration and on the trading platform
  • GDPR-compliant data processing for EU-resident clients
  • Data retention periods documented and enforced
  • Client data export on request (right to data portability)
  • Deletion procedure on account closure after statutory retention period
  • Breach notification within 72 hours to the regulator

Trade Reporting & Record-Keeping

  • All trades logged with entry/exit price, size, timestamp, instrument and account ID
  • EMIR reporting (EU): brokers and clients above the reporting threshold must report derivatives trades to a trade repository
  • MiFID II best execution reporting for EU-regulated brokers
  • Records kept for a minimum of 5 years (7 years under FCA rules)

How CTATech Handles Compliance Technology

CTATech platforms are built to meet the technology requirements of global regulators:

  • KYC document upload, storage (encrypted), and approval workflow built in
  • AML transaction monitoring with configurable alert thresholds
  • PEP/sanctions screening via integrated third-party API (Comply Advantage, Jumio)
  • Immutable audit log for all account, trade and configuration changes
  • GDPR data export and deletion request workflow
  • Client suitability questionnaire module
  • Trade reporting data export in EMIR-compatible format

Compliance FAQs

What compliance obligations does a forex broker have?

Core compliance obligations for a licensed forex broker include: KYC (Know Your Customer) identity verification before account funding; AML (Anti-Money Laundering) monitoring of transaction patterns; client suitability assessment; record-keeping (typically 5–7 years); trade reporting to the relevant regulator; data protection (GDPR in the EU); risk disclosure and client categorisation.

What is PEP screening in brokerage compliance?

PEP (Politically Exposed Person) screening checks whether a new or existing client holds or has held a prominent public function (e.g. government official, state-owned enterprise executive, senior military officer or their family members). PEPs are subject to enhanced due diligence under AML regulations — the broker must establish the source of funds and apply ongoing enhanced monitoring to their account.

What records must a forex broker keep for compliance?

Most jurisdictions require brokers to keep: client identity documents and KYC records for 5–7 years after account closure; trade records (entry/exit price, size, timestamp) for 5+ years; communication records related to trading decisions for regulated institutions; complaint records; and AML analysis records including suspicious activity reports.

How does a broker comply with GDPR if operating internationally?

A forex broker with EU-resident clients must comply with GDPR regardless of where the broker is incorporated. Key requirements: inform clients how their data is used (privacy policy); obtain consent for marketing communications; process data only for stated purposes; enable clients to request a copy of their data or deletion upon account closure; appoint a Data Protection Officer if processing at scale; report data breaches within 72 hours.

Build on a Compliance-Ready Platform

CTATech technology meets the KYC, AML and audit requirements of global regulators. Focus on your licence — we handle the infrastructure.


Compliance Technology for Licensed Brokers

KYC workflow, AML monitoring, audit logs and GDPR tooling. Built in. Ready on day one.
