A guided KYC review workflow for Pakistani banks conducting enhanced due diligence on Virtual Asset Service Providers under SBP BPRD Circular No.10 of 2026 and AMLA 2010.
Record the VASP's SECP registration, PVARA NOC status, beneficial ownership structure, and operational profile. All mandatory identifiers captured in a structured format.
Assess the VASP's technology controls, AML/CFT programme, goAML registration, NACTA screening, MLRO appointment, and run the full SBP Circular No.10 conditions checklist. Risk score calculated automatically.
Record the bank's onboarding decision, MLRO approval where required, any conditions imposed, analyst declaration, and supervisor sign-off. Download the complete KYC file for your audit records.
Every section of this workflow maps directly to SBP BPRD Circular No.10 of 2026. The 15-point conditions checklist covers all requirements before a bank can provide services to a VASP.
Purpose-built for VASP due diligence. Covers blockchain analytics tools, transaction monitoring systems, Travel Rule compliance, virtual asset categories, privacy coin exposure, and customer base risk.
Structured review of the VASP's AML/CFT programme including board-approved policy, goAML FMU registration, NACTA proscribed organisations screening, MLRO appointment, STR filing history, and staff training records.
Generate a professional KYC review narrative via LÆdar, aligned to Pakistani law. Download a complete PDF with analyst declaration, supervisor approval, and risk rating for your compliance file.
Structured for Pakistani banks. Aligned to SBP BPRD Circular No.10 of 2026 and AMLA 2010. Takes approximately 20 to 25 minutes to complete.
Access KYC ReviewAvailable to all KYCifi account holders. Sign in or create an account to get started.
Guided due diligence for banks onboarding Virtual Asset Service Providers under SBP BPRD Circular No.10 of 2026. Complete all six steps to produce a structured, audit-ready KYC record.
Record the reviewing bank's details and the VASP's registration information, PVARA NOC status, and operational profile. All required fields are marked with an asterisk.
Elevated Regulatory Risk. Under SBP BPRD Circular No.10 of 2026, banks should only provide services to VASPs that are registered or in the process of registering with PVARA. A VASP that has not applied for NOC presents elevated regulatory risk. Consider whether to proceed with this review.
Record all directors, beneficial owners, and key officers of the VASP. Complete PEP status and sanctions screening for each individual. Up to 5 individuals may be recorded.
PEP Identified. A Politically Exposed Person has been identified in the VASP ownership or management structure. Enhanced due diligence is mandatory under AMLA 2010. Senior management approval is required before proceeding.
PEP Identified. Enhanced due diligence is mandatory under AMLA 2010. Senior management approval required.
PEP Identified. Enhanced due diligence is mandatory under AMLA 2010. Senior management approval required.
PEP Identified. Enhanced due diligence is mandatory under AMLA 2010. Senior management approval required.
PEP Identified. Enhanced due diligence is mandatory under AMLA 2010. Senior management approval required.
Corporate UBO Tracing Required. Corporate UBOs require full ownership tracing to identify the ultimate natural person. Obtain a corporate structure chart and shareholder registers for all corporate entities in the ownership chain.
FATF Blacklisted Jurisdiction. A UBO is from a FATF blacklisted jurisdiction. Enhanced due diligence is mandatory under AMLA 2010. Consider whether to proceed with this onboarding.
Assess the virtual assets handled, customer base profile, geographic exposure, and technology controls. These factors feed directly into the risk score calculated in Step 6.
Privacy Coins -- Elevated ML/TF Risk. Privacy coins present elevated money laundering and terrorist financing risk due to enhanced anonymity features. Specific enhanced controls are required. Consider whether this is acceptable under your bank's risk appetite.
VASP-to-VASP Relationships. Relationships with other VASPs carry elevated risk under FATF Recommendation 16. Travel Rule compliance is mandatory for all transfers with counterpart VASPs. Verify that the VASP has adequate controls for these relationships.
No Blockchain Analytics Tool. This is a significant gap in the VASP's transaction monitoring capability. A blockchain analytics tool is essential for identifying high-risk transactions, sanctions exposure, and illicit fund flows.
No Automated Transaction Monitoring. Manual monitoring processes only present elevated money laundering risk. An automated transaction monitoring system is required for effective AML controls at any meaningful transaction volume.
Review the VASP's AML/CFT/CPF programme against PVARA NOC Regulations 2025 requirements. Each No answer is a mandatory compliance gap that must be resolved before account opening.
No Board-Approved AML/CFT/CPF Policy. This is a mandatory requirement under PVARA NOC Regulations 2025. This VASP does not meet the minimum compliance standard for onboarding.
Not Registered on goAML FMU Portal. goAML FMU registration is mandatory for all VASPs under PVARA NOC Regulations 2025. The VASP cannot file STRs without this registration.
No NACTA Screening. Screening against NACTA proscribed organisations and designated persons is mandatory under PVARA NOC Regulations 2025. Failure to screen constitutes a serious compliance breach.
No MLRO Appointed. Appointment of a qualified MLRO is mandatory under PVARA NOC Regulations 2025. This VASP does not meet the minimum compliance standard.
No Travel Rule Compliance Solution. Travel Rule compliance is required under FATF Recommendation 16 for VASPs conducting virtual asset transfers. The VASP must have a technical solution for transmitting originator and beneficiary data.
Verify each condition required under SBP BPRD Circular No.10 of 2026 before providing banking services to this VASP. All 15 conditions should be met for onboarding to proceed.
Review the auto-calculated composite risk score derived from all previous steps, record the onboarding decision, complete the analyst declaration, and generate the KYC review file.
A composite risk score of 9 or above requires referral to the bank's MLRO before an onboarding decision can be recorded. Complete the referral details below.
Generate a professional compliance narrative using LÆdar, KYCifi's regulatory AI. The output is fully editable before being included in the downloaded review file.
Download the complete KYC review file as a PDF. The file includes all answers, the risk score breakdown, the AI narrative (if generated), and the analyst declaration. Retain on file pursuant to SBP BPRD Circular No.10 of 2026.