Legichain for fintechs

Ship a compliant onboarding flow on the first sprint. No dedicated compliance team required to start; room to grow into a full FCA, MASAK or DFSA-grade programme without re-platforming.

An early-stage fintech faces a structural problem with compliance: the regulator expects bank-grade controls from day one, the founder cannot justify a full-time MLRO before product-market fit, and the legacy vendors who serve banks quote six-figure annual minimums that don't survive a Series A budget. Legichain was built to close this gap. Our defaults ship pre-tuned for a first FCA, MASAK or DFSA review. Our free tier (1,000 credits, no card required) covers a launch-week pilot. The same API that serves the four-engineer startup serves the 200-engineer scale-up — so the integration you write in week one survives all the way through Series C without a re-platforming exercise.

Solutions

What slows an early-stage fintech down

  • Not knowing where to start

    The regulatory surface for a UK fintech (FCA registration paths, MLR 2017, JMLSG Sector guidance, the relevant FATF baseline) is intentionally non-prescriptive. Founders frequently spend 8-12 weeks understanding what compliance actually looks like before writing a line of integration code.

  • Regulatory ambiguity at scale-up boundaries

    Crossing GBP 1M annual revenue, GBP 5M assets under custody or 10,000 customers typically triggers new obligations — sometimes mid-quarter, often without warning. A vendor that ships fixed rule packs becomes the constraint; what you actually need is a configurable rule layer that grows with the company.

  • Big-vendor cost structure

    Legacy AML vendors target the bank segment with annual minimums in the EUR 250K-1M range. An early-stage fintech burns three to six months of runway on the first contract. Most founders end up building DIY screening against open lists, which then fails the first FCA conversation.

  • Developer velocity in a regulated stack

    The integration patterns that work for an unregulated SaaS (poll-and-cache, eventual consistency, optimistic UI) often fail in a regulated context where every decision needs an audit log, every screening call needs a deterministic outcome, and every webhook needs idempotency. Most founders learn this in their first audit.

How Legichain solves them

  • Sensible defaults for a first regulatory conversation

    Our default rule packs are pre-tuned for what an FCA, MASAK or DFSA supervisor expects to see at first registration or authorisation. Risk thresholds, retention windows, audit-log granularity, webhook delivery guarantees, idempotency on critical endpoints — all wired by default. Your engineering team integrates the API; your eventual MLRO inherits a defensible baseline.

  • Free tier sized for the launch-week pilot

    1,000 free credits per month, 1 request per second, no card required, no time limit. This covers a typical seed-stage fintech through the first 200-400 customer onboardings, full PDF reporting, sanctions and PEP screening on every onboarding, and webhook-driven case workflow. Most of our scale-up customers were on the free tier for the first 3-6 months.

  • One API across the regulatory surface

    Sanctions, PEP, adverse media, watchlists, blockchain AML on five chains, NFC and document KYC, live video, transaction monitoring, Travel Rule messaging — all on one API, one auth model, one audit archive. You integrate once; new compliance surfaces (a new jurisdiction, a new product line, a new regulator) become a configuration change, not a re-platforming exercise.

  • Scale-with-growth pricing without contract renegotiation

    Free, Growth, Business and Enterprise plans on the same API, same SDK, same audit archive. Upgrading from Free to Growth (or Growth to Business) takes 30 seconds in the panel; no contract renegotiation, no implementation project, no data migration. Most of our scale-up customers move tier as they cross specific transaction-volume or seat-count thresholds — usually within a single sprint.

What you get out of the box

  • Sensible defaults pre-tuned for first FCA, MASAK or DFSA review
  • 1,000 free credits per month, 1 RPS, no card required
  • Webhooks, idempotency keys and request IDs wired by default
  • Postman collection, OpenAPI spec, and Python and TypeScript SDKs from day one
  • Grow from Free to Enterprise on the same API, no re-platforming
  • Audit archive sized for first regulatory conversation and beyond

Regulatory coverage

Legichain ships with defaults pre-tuned for the regulatory frameworks an early-stage fintech is most likely to encounter — FCA registration paths, AMLD5 and AMLD6 baseline, FATF Recommendations and GDPR. For Turkish operations, MASAK 5549 is available on the same engine.

  • FCA crypto and EMI registration paths

    Default rule packs pre-tuned for what the FCA expects in a Crypto Registration application or a small EMI authorisation. Documentation maps directly to the relevant sections of the FCA Handbook and the JMLSG guidance.

  • AMLD5 / AMLD6 (Dir. EU 2018/843 and 2018/1673)

    Beneficial-ownership lookup, enhanced due diligence triggers, predicate-offence tagging and the criminal-liability documentation framework expected of EU-passporting fintechs operating under the AMLDs.

  • FATF Recommendations 10, 12, 16 (baseline)

    Customer due diligence (R.10), politically exposed persons (R.12) and the Travel Rule for VASPs (R.16) — the FATF baseline that applies regardless of national legislation status. Useful for fintechs operating in jurisdictions still aligning to FATF.

  • GDPR (Reg. EU 2016/679) and KVKK (Turkey)

    Right-of-access and right-to-erasure exports built into the panel. Audit retention configurable per jurisdiction. Data-processor agreement available on every plan including Free. SCC and IDTA paperwork pre-templated for non-EEA data transfers.

Frequently asked questions

Can we really start with no dedicated compliance person on the team?

Yes, for the launch-week to Series A phase. Our default rule packs are pre-tuned for the major regulatory surfaces a fintech is likely to encounter, the audit archive is structured for first regulatory conversations, and the panel surfaces escalations in plain English. What you will need by the time you go through formal registration or authorisation (FCA, MASAK, DFSA, depending on jurisdiction) is a named compliance officer — usually fractional at that stage, typically GBP 1,500-3,500 per month on a part-time arrangement. We can introduce you to fractional MLROs who specifically work with our customer base.

What does the free tier actually cover?

1,000 credits are granted once at signup (no monthly refresh on Free). Cost depends on the operation: AML screening 1 credit, address verification 1 credit, blockchain wallet screening 3 credits, KYC verification (NFC + liveness) 5 credits, full onboarding bundle (AML + wallet + KYC + address) 10 credits. A PDF report is included in every operation. So 1,000 credits typically cover ~100 full onboardings or ~1,000 AML-only screens. The rate limit is 1 request per second. Audit archive retention is 30 days on Free, 90 days on Growth. All canonical list sources are included on every tier. No credit card is required and there is no time limit; you stay on Free until you choose to upgrade to a paid plan.

What does an early-stage fintech's first FCA conversation actually look like?

Typically a desk-based exchange between your compliance officer (or founder, at the very earliest stage) and the FCA's Authorisations team, focused on three things: who you are screening against, how decisions are made, and how decisions are retained. Legichain's audit archive produces a single export covering all three: the canonical lists you screen against (with snapshot timestamps), the rule and threshold configuration in force at decision time, and the disposition trail per customer. We provide a one-page mapping document that aligns this export to the relevant FCA Handbook sections; most early-stage customers reuse this document for the formal application file.

How does Legichain handle the transition from Free to Growth to Business as we scale?

Tier upgrades are configuration changes, not migrations. The API endpoint, the SDK, the audit archive schema and the webhook contract are identical across all four tiers. You upgrade in the panel; your monthly credit allowance, rate limit and retention window change immediately. The data you have already generated is retained per the new tier's retention rules. No contract renegotiation is required for Free, Growth or Business; Enterprise requires a contract because of bring-your-own-storage configuration, custom rule packs and a dedicated CSM, but the API contract itself is identical.

What happens if we need to add a regulatory surface we don't have today (Travel Rule, blockchain AML, video KYC)?

All of Legichain's regulatory surfaces are on the same API, same SDK and same audit archive, even if you only use one of them today. Adding Travel Rule, blockchain AML, video KYC or transaction monitoring later is a feature-flag change in the panel, not a new integration project. Most customers add their first additional surface within nine months of going live; the typical engineering effort is 1-3 days, not weeks. The relevant rule packs and documentation are accessible from your existing panel, and your audit archive automatically extends to cover the new surface.

Be screen-ready in an afternoon.

Spin up a free workspace, paste your first API key into a curl command, and ship a verified onboarding flow before your next stand-up.