A full 7-step customer due diligence workflow for Pakistani VASPs. From client onboarding through wallet screening, NACTA checks and source of funds to a completed, audit-ready AML/CFT/CPF decision record.
Enter individual or corporate customer details. LÆdar auto-populates entity data, verifies CNIC references and flags jurisdictional risk factors against PVARA guidance.
Run live NACTA proscribed organisation checks, sanctions and PEP screening, wallet address analysis and blockchain risk scoring. Source of funds is captured and assessed in the same workflow.
A structured AML/CFT/CPF decision record is generated and stored with a 7-year retention flag -- MLRO-reviewed, plausibility-checked and ready for PVARA inspection.
The workflow covers the full scope of AML/CFT/CPF obligations under the Virtual Assets Act 2026 and PVARA NOC Regulations 2025.
Covers counter-terrorism financing and counter-proliferation financing checks alongside standard AML obligations -- aligned to Pakistan's FATF action plan commitments.
Live checks against the NACTA proscribed organisations and individuals list -- automatically flagging matches for MLRO review and goAML reporting workflow.
Wallet address screening and blockchain analytics integration for transaction risk scoring -- identifying exposure to darknet markets, mixers and sanctioned addresses.
Every decision record includes the rationale, screening results and MLRO sign-off -- retained with a 7-year flag and formatted for PVARA inspection.
Sign in to access the full 7-step VASP customer due diligence workflow -- NACTA, sanctions, wallet screening and a complete decision record in one place.
Sign In to AccessAuthorised KYCifi users only. Contact contact@kycifi.com for access.
Complete this workflow for every VASP customer onboarding. Covers individual and institutional clients, wallet screening, transaction risk, and Travel Rule compliance. Aligned to PVARA NOC Regulations 2025 and Virtual Assets Act 2026.
Record your firm, the responsible officers, and the nature of the customer relationship being assessed. These details calibrate the risk assessment throughout the workflow and appear on the final CDD record.
Institutional VASP Client. Enhanced due diligence required. Verify their own PVARA NOC/licence status. VASP-to-VASP relationships carry elevated ML/TF/PF risk under FATF Recommendation 16. Obtain copies of their AML policies and relevant licences before onboarding.
NPO / Charity Client. NPO/charity clients are identified as higher risk under FATF Recommendation 8. Enhanced scrutiny of funding sources and beneficial control is required. Obtain governing documents, trustee lists, and evidence of registered charitable status.
High Volume Transaction. Estimated monthly volume exceeds PKR 1,000,000. Enhanced source of funds documentation is required under NOC Regulations 2025. Ensure payslips, bank statements, or business accounts are obtained and verified before completing onboarding.
Record identity details for all customers and ultimate beneficial owners. Up to 3 customers or UBOs can be added. Fields adapt based on the customer type selected in Step 1.
Record the virtual asset types involved, wallet provenance, blockchain analytics screening results, and transaction-level risk indicators.
Privacy coin identified. These assets are designed to obscure transaction trails and pose a materially higher ML/TF risk. Enhanced due diligence is required. Document your risk rationale explicitly and obtain senior management approval before proceeding.
NFTs and digital collectibles carry elevated market manipulation and wash-trading risk. Verify the platform of origin and the economic rationale for valuations. Check whether the NFT is exchange-listed or OTC.
Self-hosted wallet identified. Under PVARA NOC Regulations 2025, additional verification of wallet ownership is required. Consider applying the Travel Rule and document the rationale for accepting or declining the counterparty wallet.
High-risk counterparty exposure flagged. Apply enhanced due diligence. Document the nature of the exposure, the percentage of funds affected, and your risk mitigation rationale before proceeding.
Mixer, tumbler, or coin-join exposure detected. This is a strong indicator of deliberate obfuscation and a red flag under FATF guidance. Do not proceed without senior compliance officer review. Consider filing a Suspicious Transaction Report (STR) via goAML.
Darknet market exposure detected. This represents a critical ML/TF red flag. Do not proceed. Escalate immediately to the MLRO and consider an STR filing via goAML. Preserve all records.
Sanctioned address exposure identified. This may constitute a breach of international sanctions obligations. Freeze any pending transaction immediately. Notify the MLRO and seek legal counsel. Do not inform the customer (tipping-off prohibition applies).
Cross-border transaction identified. Travel Rule obligations may apply. Verify whether the originating or beneficiary VASP is registered and whether IBAN/account details are available. Document your Travel Rule compliance assessment.
One or more red flags identified. Depending on the combination and severity, a Suspicious Transaction Report (STR) may be required. STRs must be filed with the Financial Monitoring Unit (FMU) via the goAML portal within the timeframe prescribed under the AML/CFT Act 2010. Do not inform the customer.
Document the origin of funds used in this relationship and, where required, the source of the customer's overall wealth. Enhanced sections appear automatically based on customer type and service type from Step 1.
Loan proceeds declared as source of funds. Obtain details of the lender, loan agreement, and confirm the loan is from a legitimate financial institution. Crypto-backed loans require additional scrutiny on collateral origin.
Inheritance or gift declared. Obtain probate documentation, a letter of administration, or a gift letter as appropriate. Consider the relationship between donor and recipient and any cross-border element.
No documentary evidence obtained. This is a significant CDD gap. Under PVARA NOC Regulations 2025, documentary verification of source of funds is required for all customers. Record the reason for non-collection and obtain sign-off from the compliance officer before proceeding.
Minor inconsistency noted. Document the explanation clearly in the notes field below. Retain any supporting clarification provided by the customer.
Significant inconsistency identified. Escalate to the compliance officer before proceeding. Request additional documentation from the customer and record all findings in writing.
Unexplained funds identified. This is a primary ML/TF red flag. Do not proceed with onboarding. Consider filing a Suspicious Transaction Report (STR) via the FMU goAML portal. Do not inform the customer (tipping-off prohibition applies under AML/CFT Act 2010).
No source of wealth documentation obtained. For HNWI, PEP, and corporate customers, documentary evidence of overall wealth is required under enhanced due diligence standards. Record the reason and obtain compliance officer approval.
High-value remittance. Transactions exceeding PKR 1,000,000 require enhanced source of funds verification and may trigger Currency Transaction Report (CTR) obligations. Document the economic rationale.
Remittance destination is an FATF grey or blacklisted jurisdiction. Enhanced due diligence is required. Verify the purpose and beneficiary relationship carefully and document your risk rationale.
Record the results of all mandatory screening checks. Each customer must be screened against NACTA and international sanctions lists. Complete all sections before generating the plausibility assessment.
Screen each customer against the National Counter Terrorism Authority (NACTA) proscribed organisations list. A confirmed match triggers mandatory Counter Proliferation Financing (CPF) escalation obligations.
Possible sanctions match identified. Do not proceed until a full name, date of birth, and identifier check has been completed against the relevant list. Document the result of your false positive determination before continuing.
Confirmed international sanctions match. Freeze any pending transaction immediately. Do not proceed with this relationship. Notify the MLRO and seek legal advice. Do not disclose to the customer (tipping-off prohibition applies). File an STR via the FMU goAML portal and notify the relevant sanctions authority.
Possible PEP match. Verify against primary identifiers. If confirmed, enhanced due diligence and ongoing monitoring are required under FATF Recommendation 12. Record your determination.
Confirmed PEP. Senior management approval is required before onboarding or continuing this relationship. Apply enhanced due diligence and document the source of wealth fully. Ongoing monitoring must be intensified.
Unverified adverse media results. Document the nature of the articles found, their credibility, and the relevance to financial crime risk. Record your assessment of materiality.
Significant adverse media findings. Escalate to the compliance officer. Consider whether the findings constitute a red flag warranting an STR. Do not proceed without documented risk assessment sign-off.
The assessment engine reviews all data entered across Steps 1 to 5 and generates a structured plausibility narrative, per-customer risk assessments, and recommended next steps. The output is fully editable.
Complete the screening sections above, then generate the assessment.
The risk score is calculated automatically from all prior steps. Review the factor breakdown, record the compliance decision, and complete the officer declaration before generating the CDD record.
Scores recalculate automatically. Navigate back to any step to change inputs. Thresholds: 0–3 Standard CDD • 4–8 Enhanced Due Diligence • 9–14 High Risk • 15+ Automatic Escalation.
Onboarding refused. Consider whether the circumstances that led to refusal warrant a Suspicious Transaction Report (STR) via the FMU goAML portal. Do not inform the customer of any STR filing (tipping-off prohibition under AML/CFT Act 2010).
STR or CPF filing recorded. Ensure the report has been submitted via the Financial Monitoring Unit (FMU) goAML portal. Do not inform the customer of the filing. Retain a copy of the submission reference in the case file.
Score 15 or above. Senior management approval is mandatory before any decision can be finalised. Document the approver's name, designation, and the basis for the decision.
The declaration checkbox must be ticked and the officer name entered before this assessment can be finalised.
Review the complete summary of this assessment below, then download the audit-ready PDF record. The document is formatted for retention on your compliance file.