Provenance Services

Provenance is building the only universal compliance framework that addresses the current gap in the virtual assets space, but also aligns with where we see the industry will be going over the next few years. We can build you holistic, automated, and cost-effective control frameworks to ensure compliance with local and international requirements, and which can be easily adapted to increasing regulatory pressure. We call this embedded compliance framework, or compliance-by-design, making sure that your risk frameworks and controls are aligned with your growth strategy and business needs.

This means that we offer the traditional range of anti-money laundering (AML) and other compliance services, but we also offer bespoke services for innovative business models under a risk-based approach (RBA). We will work with you to establish and implement the best risk and compliance framework for your own needs and resources.

You can think of Provenance as your Compliance Partner. If you don’t see it in the list of services below, we can build it for you!

Cayman and BVI AML Officers

For all Cayman and BVI registered and regulated entities including Investment Funds and Virtual Assets Service Providers (VASPs), AML officer roles are required to be held by professionals with sufficient experience and expertise. Our team is led by our cofounders Cara Hennessy and Ruan Botha who have a demonstrated history of working in the financial services industry. Our team has legal and financial background, together with ACAMS/ICA or other professional qualifications.

Outsourced AML/CFT/CPF

It’s not always cost-efficient to do everything by yourself, and often it’s a matter of time and scale, or not having a qualified knowledgeable staff with mastery of Anti-Money Laundering/Countering the Finance of Terrorism/Countering Proliferation Financing (AML/CFT/CPF) compliance standards for a certain jurisdiction. Provenance offers a high-quality, technology-based, auditable, outsourced operational compliance solution; whereby clients can outsource their KYC/AML onboarding and ongoing monitoring. We can onboard individuals and entities, and report back to you for any issues or higher risk customers requiring your input. We can also help you design your own compliance architecture complete with preconfigured Risk Matrix, and help you implement it under our guidance and review. We will work together to determine what solutions make most sense to you, and in so doing share our considerable knowledge about third party service providers, required parameters for a successful implementation, and potential issues to consider or pitfalls to avoid.

Compliance Training

For all Cayman and BVI registered and regulated entities training is essential. Having a compliance manual and appointed AML officers is not sufficient. First, no regulator wants to see a good compliance manual sitting on a shelf gathering dust. Second, your staff is the closest to the business and the customers – if they don’t know what the rules are, they will not be able to implement your risk management and compliance architecture. Provenance can perform an assessment of your regulatory and compliance training requirements, provide training on the AML/CFT/CPF risk management and compliance framework, including Operational Compliance, Risk Assessments, and KYC. Training can be delivered at introduction level for new employees, an annual training for all employees, and/or advanced training for Executives.

Audit & Compliance Monitoring

How do you know (and prove to the regulator) that your risk management and compliance frameworks are effective and can be relied upon? Most jurisdictions, Cayman and BVI included, require an audit or testing of compliance systems, at least annually, with the findings being submitted to the Board of Directors and used to upgrade your Policies & Procedures. Provenance offers operational compliance testing and monitoring. This involves selecting sample files for testing at least annually at client, investor and eligible introducer levels, and preparing a findings’ report with recommendations based on industry standards and best practices. If major issues are identified, we can work together to rework your compliance architecture, carry out remediation, and additional training for your staff.

Registration And Licensing Support

Depending on your registration and licensing regime and the jurisdiction, the application process and requirements could be rather different. Often, information is not readily available, or there are recommendations and best practices coming from the regulator which need to be integrated into the application documents. We use our experience to make this much easier and less draining on your team. Provenance can offer advice and assistance in preparing regulatory license applications and advise on or draft various internal Policies & Procedures.

Due Diligence Investigations

Whether this is about the review and risk rating of service providers where a material function is to be outsourced (this is generally required under regulations); a more in-depth or an independent verification of a counterparty you are doing business with; screening private wallets or running due diligence on a crypto-exchange or an OTC counterparty; or running independent AML checks on companies you are investing in; Provenance has you covered. We will work together to determine the type and depth of investigations required, and what the final report will look like, so that your Board of Directors gets a clear and accurate view.

Risk Assessments And Risk Management Framework

Provenance can deliver in-depth Enterprise, Business, Client, Product, Technology, Delivery and Country Risk Assessments. We can also review or draft Enterprise, Business and Client risk assessment procedures and methodologies to ensure they follow local and FATF requirements and have incorporated the appropriate level of risk considerations for virtual assets based on the relevant National Risk Assessment findings. Based on the risk assessment outcome, Provenance will identify priorities for the risk management framework, sufficient information for the Board of Directors to approve the Risk Appetite Statement, and/or aspects of the control framework for enhancement, and this will help in preparation for a regulator onsite or SOC type testing.

Regulatory Inspection Preparation

Provenance can do a complete substantive testing of your AML/CFT/CPF compliance framework in preparation for an inspection or SOC audit. Provenance can help with the administrative fine controls mapping, which means review of your legal and regulatory requirements and determining which of the gaps identified in compliance are finable events, or generally examining the control and accountability for each of the finable events and testing the controls in place.

Suspicious Activity Reports (SARs) Training and Investigations

Provenance can advise on the design and automation of regulatory reporting requirements like SARs, and train your staff on “red flags” specific to the virtual assets space; reporting and record-keeping processes; and how not to “tip off” the customer or applicant for business when a SAR is filed. This is a deeply sensitive matter for staff, and you cannot assume that they will know how to handle a situation without training. Provenance can carry out an enhanced due diligence investigation on an applicant for business or a customer presenting a higher risk profile or an unusual pattern of transactions.

Corporate Governance / Policies And Procedures

The Board of Directors is responsible for compliance, including AML. Provenance can review existing or draft bespoke Policies & Procedures to ensure compliance with local and FATF guidance, and manage ML/TF/PF risks, including virtual asset considerations. Regulators may request that a risk and compliance committee be created at the Board of Directors level as part of the risk management framework, or that a Sanctions Policy be separately adopted, or a Code of Ethics. We can help you navigate the additional requirements and help you build reports for your Board of Directors to have a clear and accurate view of risks.

General Digital Asset Advisory

For businesses in the traditional finance space (TradFi), who want to partner with, invest in, or otherwise participate into the adoption of virtual assets, there are a few changes to operational frameworks and policies and procedures to consider, in order to establish an appropriate control framework for dealing in or with virtual assets. Provenance can help you develop a roadmap so that your business stays compliant.


Provenance has gained in depth knowledge and experience with wallet and transaction screening and partnered with some of the top on-chain analytic companies globally, including Chainalysis and Elliptic, to enhance service offerings for Provenance clients. This includes ensuring that a wallet exposure, activities, and/or transactions are not linked to sanctions, dark web or any other high-risk activities and categories as per industry standards. Provenance also provides on request, ongoing monitoring on wallet addresses. Further to this service, Provenance can provide a holistic view of the wallet’s source of funds, conduct and verify an ownership and control test and verify transactions in order to provide sufficient comfort to our clients. These are some of the practices that Provenance recommends to all clients dealing with private hosted or exchange wallets, which have been identified as a higher risk. This can also be used as part of Enhanced Due Diligence (EDD) investigations. As part of the Wallet Screening Services, there are several levels of investigation possible, together with the Wallet Identification Test that we perform, in order to mitigate any risk of sanctioned activity, dark web exposure, hacking, stolen funds or any other bad activities.

Contact Provenance

© Provenance Group. All Rights Reserved

Scroll to Top