DEV Community

Cover image for The Fintech Startups That Actually Take Compliance Seriously
Mark Thorn
Mark Thorn

Posted on

The Fintech Startups That Actually Take Compliance Seriously

#fintech #startup #regtech

Compliance in fintech has a reputation problem. For most of the last decade, the word meant a checklist that founders grudgingly worked through before launch, a legal cost center, and something you dealt with after you had product-market fit. The pattern played out the same way repeatedly: build fast, grow fast, get regulated, scramble.

That approach is running out of road. In January 2025, state regulators fined Block $80 million for insufficient money laundering controls. Starling Bank paid £28.96 million to the UK's FCA in 2024 for financial crime failings. According to KPMG's Pulse of Fintech H1 2025, global fines for non-compliance in the first half of 2025 totalled $1.23 billion, a 417% increase on the same period a year earlier. Even large, well-funded companies are not immune.

A different generation of fintech startups has drawn a different conclusion from this environment. Instead of treating compliance as a problem to solve later, they have built it into the architecture from the start. The audit trail is not an add-on. The traceability is not a feature. The risk controls are not a wrapper around the product. They are the product.

These are five of those startups, each solving a distinct layer of the compliance problem.

1. Neno — Compliance as a Design Principle

Website: neno.co

Most fintech back offices are a mess of disconnected tools, manual reconciliation, and accountability gaps. Neno was built by people who had lived through that mess at some of the most regulated companies in European fintech and decided to start over.

The team behind Neno includes veterans from Adyen, Plaid, Mollie, Deloitte, BDO, and EY. They are backed by Motive Partners and Firstminute Capital, alongside angels from PayPal, Deel, Coinbase, and Miro. That background shapes the product's operating philosophy in a way that is immediately visible in how Neno approaches the basics.

The core principle is stated plainly in their manifesto: every action and transaction must be logged, traceable, and explainable. Not as a compliance workaround. As the baseline expectation for any system that handles real money.

Neno builds the complete back office for entrepreneurs, covering incorporation, business accounts, invoicing, bookkeeping, payroll, and tax in one connected system. The reason this matters for compliance is fragmentation. When financial data lives across five different tools, lineage breaks, reconciliation becomes manual, and the audit trail becomes reconstruction work rather than a live record. Neno eliminates that fragmentation at the source.

Key features:

  • B.V. incorporation with compliance documentation handled from day one
  • Business accounts and cards through Swan, an EU-regulated Electronic Money Institution operating under French ACPR license and registered with De Nederlandsche Bank
  • Invoicing connected directly to bookkeeping with no manual reconciliation step
  • Automated bookkeeping, payroll, and tax with human oversight preserved throughout
  • Every transaction logged, timestamped, and traceable by design
  • Enterprise-grade security controls for all automated operations
  • AI-assisted workflows where humans remain in control of consequential decisions

The compliance architecture here is not just about satisfying a regulator. It is about what happens when your accountant asks a question, when an investor requests a financial report, or when you need to understand why a number changed. The answer is already in the system, traceable back to the original transaction.

Built for: Entrepreneurs and small businesses in the EU who want a back office that runs compliantly without requiring a compliance team to operate it.

2. Salv — Collaborative AML Intelligence

Website: salv.com

The standard model for AML compliance has a fundamental structural flaw. Financial institutions work alone. Each one monitors its own customers in isolation, files suspicious activity reports to regulators, and has no way to know whether the person they just flagged is already being investigated by three other banks.

Salv was founded in 2018 by Taavi Tamkivi, who built the AML, fraud, and KYC teams at Wise and Skype, alongside Jeff McClelland and Sergei Rumjantsev. The founding insight was simple: criminals work in networks. The institutions trying to stop them do not. That asymmetry is exploited continuously.

Salv's answer is a collaborative crime-fighting platform built around two products. The first is an AML platform covering transaction monitoring, customer risk assessment, and screening. The second is Salv Bridge, an encrypted network that allows financial institutions to securely exchange intelligence on bad actors across legal and jurisdictional boundaries, within the bounds of GDPR and EU data protection law.

The Bridge concept was piloted in Estonia with full support from the country's Financial Supervision and Resolution Authority, Data Protection Inspectorate, and Financial Intelligence Unit. All of the largest banks in Estonia participated. The results were concrete: in the early network alone, institutions were preventing financial crime worth €50,000 to €100,000 per week, and the pilot prevented up to €3 million from reaching criminal-controlled accounts.

Key features:

  • Real-time transaction monitoring with automated alert triage
  • Customer risk assessment and ongoing monitoring
  • Sanctions screening across major global watchlists
  • Salv Bridge: encrypted inter-institutional intelligence sharing network
  • Privacy Enhancing Technology (PET) enabling secure data sharing without exposing raw customer data
  • ISO/IEC 27001:2022 certified, SOC 2 Type 2 audited
  • Modular SaaS pricing, deployable in one to three weeks
  • Compatible with core banking providers including Mambu, Thought Machine, and Temenos

Salv is currently active across ten European countries and expanding into Germany, Czech Republic, and Spain. The model matters because it shifts AML from a defensive compliance exercise into an active, networked crime-fighting effort, which is closer to how financial crime actually operates.

Built for: Banks, fintechs, electronic money institutions, and crypto companies operating under EU regulatory frameworks that need collaborative AML intelligence alongside their core monitoring tools.

3. Hummingbird — AML Operations for the Modern Compliance Team

Website: hummingbird.co

AML compliance generates a staggering volume of operational work. Every flagged transaction needs to be investigated. Every investigation needs to be documented. Every Suspicious Activity Report needs to be filed, reviewed, and tracked. For most compliance teams, the tooling to do this work is scattered, outdated, or built for a different era of financial crime.

Hummingbird was founded in 2016 by Joe Robinson and Jesse Reiss, with team backgrounds from Square, Stripe, the US Treasury, and the Office of the Comptroller of the Currency. The thesis from the beginning was that the tools compliance professionals use daily are far behind the tools available to the fraudsters and money launderers they are trying to catch.

The platform covers the full lifecycle of AML compliance work: customer due diligence, transaction and risk monitoring, case management, suspicious activity reporting, and regulatory filing. In September 2025, Hummingbird launched a unified risk and compliance platform bringing all of these capabilities together alongside new customer screening tools covering sanctions, PEP checks, and adverse media monitoring throughout the customer lifecycle.

In 2024, Hummingbird acquired LogicLoop to expand its no-code automation capabilities, allowing compliance teams to build and modify detection rules and workflows without requiring engineering support. The platform has since launched AI Agents and an AI Assistant designed to automate routine casework while keeping investigators focused on decisions that require judgment.

Key features:

  • Customer due diligence with support for onboarding approvals, periodic monitoring, and enhanced due diligence
  • Transaction and risk monitoring with customizable detection rules
  • Case management with collaborative investigation workflows
  • Automated SAR, STR, and CTR preparation with one-click e-filing
  • Customer screening for sanctions, PEP exposure, and adverse media
  • No-code automation builder for compliance workflows
  • AI Agents for alert handling, case preparation, and activity monitoring
  • Reported 70 to 90% reduction in time-per-case for customers using automated workflows
  • Recognized in Forrester's Financial Crime Management Solutions Landscape Q1 2026

Hummingbird has raised $41.2 million in total funding. Its customers include Stripe, Etsy, DraftKings, and FirstBank Puerto Rico, spanning payments platforms, marketplaces, sports betting operators, and traditional banks.

Built for: Banks, fintechs, gaming operators, and crypto companies that need a unified, AI-augmented platform for managing AML investigations and regulatory reporting at scale.

4. Sardine — Fraud and Compliance Unified

Website: sardine.ai

The conventional approach to fraud prevention and AML compliance treats them as separate problems. Separate teams, separate tools, separate data sets. Sardine was built on the observation that this separation is itself a vulnerability.

Founded in 2020 by Soups Ranjan, who previously led data science and risk at Coinbase and headed crypto at Revolut, Sardine combines fraud detection, AML compliance, and identity verification in a single platform. The insight driving the architecture is that 90% of fraud detected on Sardine's customer platforms comes from individuals who have already passed the standard KYC process. Compliance checks at onboarding are not equivalent to fraud prevention. The ongoing behavioral signal matters as much as the initial verification.

The platform uses device intelligence, behavioral biometrics, and machine learning to evaluate risk continuously, not just at onboarding. By February 2025, Sardine had profiled more than 2.2 billion devices and served over 300 enterprise customers including FIS, Deel, GoDaddy, and X, with 130% year-over-year ARR growth in 2024. The company raised a $70 million Series C in February 2025, bringing total funding to $145 million, led by Activant Capital with participation from Andreessen Horowitz, Google Ventures, Moody's Analytics, and Experian Ventures.

Key features:

  • Device intelligence and behavioral biometrics for real-time fraud detection
  • KYC and KYB automation with coverage across 150+ countries
  • Transaction monitoring for money laundering detection and money mule activity
  • Sanctions screening, PEP monitoring, and adverse media checks
  • Customer risk rating for ongoing CDD
  • Agentic AML operations: automated alert review, investigation support, and audit-ready outputs
  • Sponsor banking controls for embedded finance programs
  • SardineX: an industry consortium for real-time fraud data sharing across payment rails
  • Founding members of SardineX include Visa, Chesapeake Bank, Airbase, and Blockchain.com

The FRAML convergence — combining fraud and AML into one workflow — is increasingly where the industry is heading. Sardine has been building toward it since founding.

Built for: Banks, fintechs, payment processors, crypto platforms, and enterprises that need fraud prevention and AML compliance to work from the same data, in real time, rather than in separate silos.

5. Chainalysis — Compliance for the Blockchain Layer

Website: chainalysis.com

Cryptocurrency introduces a compliance problem that traditional financial tools are not designed to solve. Every transaction is public and permanent. The challenge is not access to data. It is making sense of it at scale across hundreds of blockchains, millions of wallets, and transaction volumes that dwarf traditional payment systems.

Chainalysis was founded in 2014 by Michael Gronager, Jan Møller, and Jonathan Levin, and was the first company dedicated specifically to Bitcoin tracing. The core insight was that blockchain is not anonymous. It is pseudonymous. The public ledger contains a permanent record of every transaction. With the right analysis, those records reveal patterns, connections, and ultimately identities.

The platform today covers cryptocurrency compliance and investigation for over 1,500 global institutions including the FBI, DEA, IRS, and international law enforcement counterparts, alongside exchanges like Coinbase and Binance, banks integrating crypto services, and crypto-native businesses. Chainalysis data has been ruled admissible in court and has been used in some of the most significant financial crime cases involving digital assets, including the takedown of the Silk Road dark web marketplace in 2020 and attribution of seven 2021 cryptocurrency thefts to North Korea's Lazarus Group.

The platform's valuation reached over $8 billion in 2025. In 2026, the company launched blockchain intelligence agents, putting the full depth of its data and investigation capabilities into the hands of compliance analysts without requiring specialist blockchain expertise.

Key features:

  • Know Your Transaction (KYT): real-time screening of crypto transactions against high-risk addresses and known illicit activity
  • Reactor: transaction visualization and fund tracing across multiple blockchains and bridges
  • Kryptos: risk profiling for crypto exchanges and counterparty due diligence
  • Hexagate: real-time hack prevention, which helped protect over $50 billion in funds
  • Alterya: fraud prevention processing over $23 billion in monthly transactions
  • Automatic token support covering 260,000+ XRPL tokens and all major token standards
  • Blockchain intelligence agents for automated investigation and compliance workflows
  • Court-admissible data with chain-of-custody standards built into the platform
  • 2026 Crypto Crime Report: illicit addresses received at least $154 billion in 2025, a 162% year-over-year increase

The FATF Travel Rule, which requires virtual asset service providers to share originator and beneficiary information on transfers above a threshold, has made Chainalysis's compliance infrastructure increasingly central to any crypto business operating in regulated jurisdictions. MiCA, the EU's crypto regulation framework entering full effect in 2026, adds further obligations that Chainalysis is positioned to support.

Built for: Cryptocurrency exchanges, custodians, banks entering digital assets, DeFi protocols, and government agencies that need court-grade blockchain intelligence for compliance monitoring and financial crime investigation.

The Pattern Across All Five

These startups operate at different layers of the compliance stack. Neno works at the back office and data integrity layer. Salv addresses collaborative AML intelligence between institutions. Hummingbird handles AML investigation operations and reporting. Sardine unifies fraud and compliance into a single real-time signal. Chainalysis brings compliance infrastructure to the blockchain layer.

What they share is an architectural decision made early: compliance is not a layer added on top of a product. It is a property of the data model, the transaction record, and the decision workflow from the first line of code.

The BCBS 239 principles, the Basel Committee's framework for risk data aggregation, define a standard that most large financial institutions have struggled to meet for over a decade. These startups are, in different ways, building toward what BCBS 239 describes as the goal: data that is accurate, complete, timely, and traceable by design rather than by effort.

That shift does not make compliance cheap or easy. But it changes the cost structure substantially. Compliance work that requires manual reconstruction is expensive, error-prone, and difficult to scale. Compliance that is built into the data architecture runs continuously, costs less per transaction at scale, and produces output that regulators can actually use.

The startups that figure this out early have a structural advantage that compounds over time. The ones that do not are building toward a very expensive reckoning.

Top comments (0)