High-Risk Onboarding at CCYFX: How We Say “Yes” Without Blowing Up Our Banking

“High-risk” is one of those labels that gets thrown around so casually in banking that it’s almost useless. To most banks and many EMIs, high-risk simply means “we don’t understand this, so we’d rather not deal with it.” To a lot of founders, it means “we’ve been lumped in with scammers and casinos, even though we’re fully legitimate.”

At CCYFX, we sit in the middle of those two worlds. We were built for founders running UAE + US or offshore structures, digital businesses that don’t fit neatly into a retail bank’s template, and models that are a bit unconventional but still defendable. At the same time, we have to protect our own MSB registration, our banking partners and our card and liquidity providers. That means we can’t say “yes” to everyone, but we refuse to be another black box that just says “no” without explanation. Our philosophy is simple: we say yes as often as we can, but only inside a clear risk framework that we’re prepared to stand behind.

The first distinction we make is between high-risk and unacceptable risk. High-risk, for us, means the business model has a higher likelihood of abuse if it’s not supervised properly: cross-border flows, card-not-present environments, online acquisitions, complicated ownership chains and sensitive markets. Unacceptable risk is different: it means we cannot onboard, regardless of how profitable the account might appear. That usually comes down to sanctions exposure, criminal activity, obvious regulatory breaches or situations where our partners simply will not work with that segment under any conditions.

Most of the clients we want fall into the first category. A UAE resident with a Wyoming LLC serving US clients, or a BVI holding company licensing software globally, will always look riskier than a local coffee shop. That doesn’t make them criminals. It just means we need a more detailed understanding of who owns the business, how it makes money, who the counterparties are and how the flows move through the structure.

To make this manageable, we put every potential client into three broad buckets. The first is prohibited activities and structures. These are situations we cannot support at all. They include deliberately opaque ownership where there is no clear beneficial owner and no convincing reason for the structure to exist. They include parties that are subject to international sanctions or clearly connected to sanctioned regimes. They include weapons and defence-related trade we are not equipped to monitor, illegal drugs and unlicensed pharmaceuticals, exploitative or extreme adult content, and pyramid-style models where recruitment is the real product. In the digital asset space, it includes unregulated token sales and crowdfunding schemes that are essentially securities offerings with no proper legal framework. If your core business is built around any of this, we are not the right partner and we would rather tell you that on day one.

Alongside that, we maintain a view on jurisdictional risk. There are countries and territories we cannot touch at all because of sanctions, very weak AML regimes, ongoing conflict or because our correspondent banks and programme partners simply refuse to service those markets. Some other jurisdictions may be possible but only with stronger controls and tighter limits. This list changes over time, so we don’t publish a static version on the website, but during onboarding we are open about which countries we can accept for incorporation, residency and counterparties, and where the line is.

Between the “no” bucket and plain vanilla business sits the group that CCYFX is really focused on. These are restricted or high-risk verticals that can be banked if you do the work properly. In that space you will find online trading and investment platforms that are licensed and supervised, crypto and Web3 businesses with real KYC and regulatory registrations, iGaming infrastructure providers such as platforms and marketing firms, performance and affiliate networks, and cross-border agencies and SaaS businesses using US, UK, EU or offshore companies. All of these sit on the wrong side of a traditional bank’s risk appetite, but they are not inherently abusive. What they need is a more rigorous onboarding process and transparent pricing that recognises the extra workload.

From the client side, high-risk onboarding with CCYFX always starts in the same way. You complete an online intake form that is designed to do more than collect a company name and passport. We ask where the entity is incorporated, how the group is structured, who the ultimate owners and directors are, what the business does in normal language, what currencies and corridors you actually need, what your expected monthly volumes are, what your average ticket sizes look like and whether you have ever had an account closed or restricted elsewhere. That information gives us enough to decide whether the business is broadly in-scope and what kind of pricing and monitoring would be needed to support it.

Internally, that information feeds into our risk classification and tiering. We categorise each client into a band ranging from lower-risk cross-border corporates through international SMEs and service firms, high-risk but defendable models, and very high-risk profiles that we will only take on in exceptional circumstances, if at all. That internal classification drives everything that follows: the depth of due diligence we require, which products we can responsibly offer, what limits make sense and where you sit on our pricing grid. High-risk onboarding consumes more time and more specialist attention, so fees reflect the real cost of doing it properly.

Once we have agreed in principle that your business is in-scope, we move to the KYC and KYB stage. This is where we collect the documents that turn your description into something we can defend to auditors, regulators and banks. We will ask for full corporate documents, shareholder and director registers, proof of good standing where appropriate, and clear identification and address documentation for every ultimate beneficial owner and director. For regulated businesses, we will ask to see licences and registrations. For almost everyone, we will want to see contracts, invoices or platform screenshots that show there is real economic activity and not just an empty company with marketing around it.

For higher-risk profiles we then go a step further into source of wealth and source of funds. This is where we ask where the founding capital came from, how key individuals accumulated their wealth, and where the funds that will move through the account are actually generated. If there have been previous account closures, investigations or negative news, we will want to understand what happened and how it was resolved. This is rarely a comfortable conversation, but it is the piece that makes the relationship viable in the long term. If we cannot build a coherent, documented story that we can explain to a regulator, we will not onboard.

From there we look at product and corridor mapping. We do not give everyone a generic account with every feature turned on. For each high-risk client we define which currencies and corridors are approved, what monthly and per-transaction limits make sense and which products are appropriate. In some cases it will be multi-currency accounts and FX only. In others, it may include crypto on and off-ramp, card issuing or acquiring. We also define in advance the events that will trigger additional review: large step changes in volume, new destination countries, new business lines or counterparties that do not match the initial profile.

Pricing is tied directly into this. Because we operate a risk-based fee structure, lower-risk clients pay less in spreads and transaction fees, while more complex, higher-risk clients pay more. That does not mean we are penalising you for your industry; it means we are honest about the fact that enhanced due diligence, custom monitoring rules and more frequent reviews all cost time and money. By being clear up front about what tier you fall into and what that means, we avoid the far worse outcome where a provider secretly underprices the account, then panics and exits you when the real work starts.

Onboarding is not the end of the relationship. Once an account is live, we monitor behaviour against the profile you gave us at the start. We expect clients to grow and evolve, so we build periodic reviews and ad hoc refreshes into the process. For some profiles that might mean a light annual check; for others it might mean more frequent touchpoints, especially around product expansions or rapid growth. If something material changes—new owners, new licences, new revenue lines—we want to hear it from you so we can update our understanding and adjust limits and monitoring accordingly. That is how we avoid the classic scenario where a provider says “we didn’t know” and de-risks the entire relationship.

For serious high-risk businesses, this approach usually feels like a relief. If you have ever dealt with an EMI that ignores you for months and then suddenly gives you thirty days to leave, you know how destructive that is. Our framework is designed to do the opposite: be clear at the front about what we can and cannot support; explain the logic of our decisions; price in the compliance work; and maintain the relationship instead of constantly rediscovering who you are.

If you are a UAE-based founder running US and offshore structures, an offshore holding company with real operations, a crypto or Web3 infrastructure provider with real KYC and licensing, or a cross-border digital business that has been told “no” by traditional banks for reasons that are more about optics than substance, then you are exactly the profile we built CCYFX for. We are not promising to onboard everyone. We are promising to treat you like an adult, to tell you where you sit in our risk view, and to give you a banking, FX and payments setup that has a chance of surviving contact with real-world compliance.

If you want to explore whether you fit inside that framework, the next step is simple: complete the application so we can pre-screen your structure, or book a short call. From there, we can tell you honestly whether we are a fit, what tier you are likely to land in, and what a sustainable onboarding plan for your business would look like.

‍