KYC, AML, and Compliance: The Prop Firm Owner's Survival Guide

Compliance is the least exciting part of running a prop firm. It’s also the part that determines whether your firm still exists in two years.

The prop trading industry went through its regulatory reckoning in 2023-2024. Firms that treated compliance as optional learned — publicly and painfully — that it isn’t. The survivors? They’re the ones who built compliance into their operations before regulators came knocking.

If you’re running a prop firm or planning to launch one, here’s what you actually need to know.

Why Compliance Matters Now (When It Didn’t Before)

Until 2023, prop firms operated in a regulatory gray zone. Most jurisdictions hadn’t figured out how to classify challenge-model businesses. Were they brokerages? Gambling operators? Education companies? Nobody knew, so nobody enforced.

Three things changed that. For the full timeline and details of the industry shakeout, see our analysis of why so many prop firms failed in 2024.

1. The CFTC Dropped the Hammer

In August 2023, the CFTC filed a civil enforcement action against My Forex Funds (MFF), alleging the firm collected $310 million in fees from 135,000+ customers while operating as an unregistered counterparty to trader positions.

The key allegation: MFF was betting against its own traders. When traders lost (which happened ~80% of the time), MFF kept the challenge fees AND the simulated trading losses. When traders won, MFF had to pay out from its fee revenue.

In January 2025, MFF agreed to pay over $5 million in restitution and penalties.

The case established a precedent: prop firms operating as counterparties to customer trades may fall under CFTC jurisdiction. This sent shockwaves through the industry.

2. MetaQuotes Cleaned House

MetaQuotes — the company behind MT4 and MT5 — began revoking white-label licenses from prop firms, citing reputational risk and regulatory concerns. Regulators had been asking MetaQuotes why their platform was enabling unregulated entities.

Firms like True Forex Funds were shut down overnight when their MT4/MT5 access was cut. The crackdown forced the industry to professionalize or die.

3. European Regulators Started Asking Questions

ESMA began examining whether prop firm challenges fall under MiFID II. The Czech National Bank — based in FTMO’s home country — started investigating whether prop firms were offering investment services without proper licensing.

The trajectory is clear: regulation is coming, and firms that aren’t prepared will get caught.

KYC: Know Your Customer (Before They Chargeback You)

KYC isn’t just a compliance checkbox. It’s your first line of defense against fraud, chargebacks, and regulatory action.

What KYC Actually Requires

At minimum, you need to verify:

1. Identity — Government-issued photo ID (passport, national ID, driver’s license)
2. Address — Proof of residence (utility bill, bank statement, within last 3 months)
3. Age — Must be 18+ (or local legal age for financial services)

For higher-value accounts or certain jurisdictions, you may also need:

4. Source of funds — Where the challenge fee money comes from
5. PEP screening — Politically Exposed Person checks
6. Sanctions screening — OFAC, EU, UN sanctions lists

KYC Providers Worth Knowing

Veriff:

• AI-powered identity verification
• Supports 11,000+ government-issued IDs from 230+ countries
• Average verification time: under 60 seconds
• Integrates with major prop firm CRMs including Propriotec
• Pricing: per-verification, typically $1-3 per check

Sumsub:

• Full KYC/AML compliance platform
• Document verification + liveness detection + database checks
• Strong in emerging markets (Africa, Southeast Asia — where many prop traders are)
• Also integrates with Propriotec and other prop firm tech stacks
• Pricing: tiered based on volume

When to Verify

The industry standard is evolving:

• At minimum: Before first payout (many firms still do this)
• Better: Before challenge purchase (prevents fraud early)
• Best: At account creation with re-verification before payouts

Verifying before payout is the absolute minimum. But if a trader buys a challenge with a stolen credit card, passes it, and requests a payout — you’ve now got a chargeback AND a payout liability. Verifying upfront prevents this.

The Cost of Manual KYC

Some early-stage firms try to do KYC manually: a support agent reviews uploaded documents by eye. This works at 100 traders. At 2,000, it’s a disaster.

Manual KYC problems:

• Slow — 10-30 minutes per verification vs. 60 seconds automated
• Error-prone — humans miss fake IDs that AI catches
• Doesn’t scale — you’d need a full-time employee just for KYC at 500+ verifications/month
• No audit trail — regulators want documented, timestamped verification records

Automated KYC through Veriff or Sumsub costs $1-3 per verification. For a $400 challenge fee, that’s less than 1% of revenue. There’s no reason to do it manually.

AML: Anti-Money Laundering

AML is where things get more complex — and more consequential if you get it wrong.

What AML Requires

Anti-money laundering programs typically include:

1. Customer Due Diligence (CDD) — Understanding who your customer is and the nature of their business
2. Transaction Monitoring — Flagging unusual patterns (sudden large deposits, geographic anomalies)
3. Sanctions Screening — Checking customers against global sanctions lists
4. Suspicious Activity Reporting (SAR) — Filing reports with relevant authorities when something looks wrong
5. Record Keeping — Maintaining records for 5-7 years (varies by jurisdiction)

Red Flags in Prop Firm Operations

Watch for:

• Multiple accounts under different identities but same IP/device — Identity fraud or sanctions evasion
• Challenge purchases from sanctioned countries — Iran, North Korea, certain Russian entities
• Large, rapid challenge purchases with immediate chargeback patterns — Stolen card fraud
• Payout requests routed to third-party bank accounts — Not in the trader’s verified name
• Structuring — Multiple small transactions designed to stay under reporting thresholds

What Happens When You Skip AML

Beyond regulatory fines, ignoring AML creates practical business problems:

• Payment processor termination — Stripe, PayPal, and other processors have their own AML obligations. If they detect non-compliant activity flowing through your account, they’ll freeze it. No warning, no negotiation.
• Banking relationship loss — Banks can close your business account with 30 days’ notice if they determine you’re an AML risk. Finding a new bank as a prop firm is already difficult.
• Criminal liability — In many jurisdictions, willful AML negligence carries criminal penalties for company directors.

Jurisdiction-Specific Rules

Where you incorporate and where your traders are located both matter. Here’s the current landscape:

United States

Status: Most aggressive regulatory environment

• CFTC has jurisdiction over firms offering commodity interest transactions
• Most forex prop firms have stopped accepting U.S. clients (FTMO, FundedNext, etc.)
• Futures prop firms (Topstep, Apex) continue operating with more compliance overhead
• FinCEN registration may be required for money services businesses
• State-by-state money transmitter licensing adds complexity

Bottom line: Unless you’re exclusively in futures, the U.S. is the hardest market to serve compliantly.

European Union

Status: Tightening

• ESMA is examining whether challenges fall under MiFID II
• Czech Republic (FTMO’s home) under particular scrutiny from the Czech National Bank
• GDPR applies to all EU trader data — privacy policy, data processing agreements, right to erasure
• The EU’s 6th Anti-Money Laundering Directive (6AMLD) strengthened requirements

Bottom line: EU-wide classification of prop firm programs as regulated financial services is increasingly likely. Firms based in the EU need to be preparing now.

Dubai/UAE

Status: Increasingly popular, moderately regulated

• Dubai has become the #1 destination for prop firm relocation — 0% personal income tax, golden visa options, strategic timezone
• Free zones (DMCC, DIFC, ADGM) offer regulatory frameworks
• DFSA (Dubai Financial Services Authority) and SCA (Securities and Commodities Authority) are relevant regulators
• VARA governs virtual assets specifically

Bottom line: Dubai is attractive but not a regulation-free zone. Firms relocating purely to avoid compliance will eventually face scrutiny.

United Kingdom

Status: Monitoring

• FCA hasn’t taken specific enforcement action yet but is watching
• Some firms have proactively sought FCA authorization
• UK firms must comply with the Money Laundering Regulations 2017 (as amended)
• Consumer Duty rules (July 2023) apply to financial products marketed to UK consumers

Bottom line: Proactive FCA authorization is becoming a competitive advantage for UK-based firms.

Africa (Nigeria, South Africa, Kenya)

Status: Growing market, evolving regulation

• Nigeria’s SEC has shown interest in regulating online trading products
• South Africa’s FSCA is increasing scrutiny on CFD-based products
• Kenya’s CMA has minimal prop-firm-specific regulation
• KYC challenges: informal economies mean fewer standard documents

Bottom line: The fastest-growing trader market in the world needs tailored KYC processes and local compliance attention.

Building a Compliance Program That Actually Works

For Startups (0-500 Traders)

Minimum viable compliance:

1. Integrate Veriff or Sumsub for automated KYC
2. Screen against major sanctions lists (OFAC, EU, UN)
3. Have a written AML policy (even if basic)
4. Use proper terms of service reviewed by a fintech lawyer
5. Maintain clear records of all verifications and transactions
6. Process payouts only to KYC-verified individuals
7. Clearly disclose whether trading is on demo or live accounts

Cost: $500-$2,000/month for tools + $3,000-$5,000 one-time for legal review

For Growing Firms (500-5,000 Traders)

Add:

8. Dedicated compliance officer (or outsourced compliance consultant)
9. Transaction monitoring for unusual patterns
10. Regular compliance training for all staff
11. Suspicious Activity Reporting procedures
12. Data protection officer for GDPR compliance
13. Regular compliance audits (quarterly)
14. Consider jurisdiction-appropriate registration

Cost: $3,000-$8,000/month for tools + staff + legal

For Enterprise Firms (5,000+ Traders)

Add:

15. Full-time compliance team (2-3 people)
16. External compliance audits (annual)
17. Regulatory licensing where required
18. ISO 27001 certification for data security (CurrentDesk has this — it’s a real differentiator)
19. Automated regulatory reporting
20. Board-level compliance oversight

Cost: $10,000-$30,000/month for team + tools + external audits

The MFF Case Study: What Not to Do

My Forex Funds is a textbook example of compliance failure at every level:

1. No proper KYC — 135,000 customers with minimal identity verification
2. Counterparty structure — Betting against traders without disclosure
3. No regulatory registration — Operating as an unregistered entity
4. Misleading marketing — Presented simulated trading as real prop trading
5. Cross-border operations without compliance — Served U.S. and Canadian customers without CFTC/OSC registration

The result: $5M in penalties, criminal investigation, complete business destruction, and permanent reputational damage to the entire industry.

The contrast: FTMO, when faced with regulatory pressure, stopped accepting U.S. clients rather than risk non-compliance. That’s the difference between a firm that survives and one that doesn’t.

Compliance as Competitive Advantage

Here’s the counter-intuitive truth: compliance is becoming one of the strongest competitive moats in prop trading.

Why:

• Trader trust — After MFF, True Forex Funds, SurgeTrader, and The Funded Trader collapsed, traders actively seek firms that demonstrate compliance. KYC verification, transparent company registration, and regulatory adherence are now marketing advantages. For more on leveraging this as a competitive differentiator, see our guide on building a prop firm brand that traders trust.

• Payment processor stability — Compliant firms keep their Stripe accounts. Non-compliant firms get frozen, lose revenue, and scramble for alternatives. See our guide on payment processing for prop firms for the multi-PSP strategy that protects against processor loss.

• Longevity — The top 10-15 firms now control 70-80% of the market. They got there partly because their compliance programs let them survive when weaker firms died.

• Partnership access — Technology providers, payment processors, and liquidity providers increasingly require compliance proof before onboarding. PropFirmsTech, for example, works with firms to ensure their tech infrastructure supports compliance workflows from day one.

The prop firm industry is maturing. What was the Wild West is becoming a professional financial services sector. The firms that treat compliance as infrastructure — not overhead — will be the ones still operating in 2028. Our country-by-country prop firm regulations guide maps the specific requirements in each major jurisdiction.