Lysis Group delivered a tailored, regulator-ready EWRA for a leading payments firm, enhancing risk visibility, governance, and compliance readiness.
Payment Services & Card/ Merchant Acquirers
A rapidly growing electronic money institution (EMI) and payment service provider (PSP) with operations across Europe and a client base spanning SMEs, fintechs, and e-commerce platforms. The client operates in a high-risk sector and must comply with evolving financial crime regulations under the UK and EU regimes.
The client was preparing for regulatory engagement and required a comprehensive Enterprise-Wide Risk Assessment (EWRA) to evidence a risk-based approach to financial crime compliance. Their existing risk assessment was outdated, fragmented across business units, and lacked alignment with current regulatory expectations and business expansion plans.
Key challenges included:
• Inconsistent risk categorisation and scoring methodology
• Gaps in data integrity and risk typology coverage
• Limited visibility of inherent and residual risks across products, geographies, and customer segments
• A lack of board-level visibility and clear ownership of financial crime risks
Lysis Group deployed a team of subject matter experts to design and deliver a fit-for-purpose EWRA aligned with FCA, EBA, and FATF expectations. The approach included:
• Conducting stakeholder interviews across compliance, operations, risk, and senior management
• Developing a risk taxonomy tailored to the payments sector, covering customer, product, delivery channel, and jurisdictional risks
• Designing a dynamic EWRA framework to measure inherent, control, and residual risks
• Integrating qualitative and quantitative data sources to inform risk ratings
• Producing a clear narrative for board reporting and regulatory review
Lysis also provided a tailored risk assessment tool and detailed handover to support future updates.
• A comprehensive and regulator-ready EWRA that gave full visibility of the client’s financial crime risk exposure
• Strengthened the client’s financial crime control environment and governance
• Enhanced board oversight with a clear risk appetite alignment
• Positioned the client for confident regulatory engagement and audit readiness
• Provided a scalable framework adaptable to new markets, products, and risk drivers
Lysis Group delivered a tailored, regulator-ready EWRA for a leading payments firm, enhancing risk visibility, governance, and compliance readiness.
Although the client is based in the US, they have European subsidiaries which include the UK and therefore required Financial Conduct Authority (FCA) registration. In order to obtain registration as a crypto asset firm in the U.K. they had to comply with specific FCA requirements.
A major wholesale and investment bank with global reach was placed under a Section 166 order regarding their KYC and AML controls.
Lysis designed and implemented a compliance monitoring framework for a UK-regulated EMI. The aim of the framework was to ensure ongoing compliance with the Electronic Money Regulations 2011 (EMRs), including with the Money Laundering Regulations 2017 (MLRs).
