At Whish Money, trust is the currency we value most. As a leading fintech licensed and regulated by the Banque du Liban (BDL) (License No. 42/5/19), we are fundamentally committed to protecting our customers, partners, and the integrity of the global financial system.
‍
Our Governance, Risk, and Compliance (GRC) framework is not merely a requirement—it is a proactive defense system designed to ensure financial security, regulatory adherence, and operational resilience across all our market.

1. Regulatory Governance & Licensing

Whish Money operates under a rigid legal framework, ensuring full accountability to national and international authorities.

• Primary Regulator (Lebanon): We are a licensed financial institution regulated by Banque du Liban (BDL) under License No. 42/5/19. We strictly adhere to all Basic and Intermediate Circulars governing electronic payments, cross-border transfers, and digital wallets.
• Global Expansion & Compliance: Validating our commitment to international standards, Whish Money, through dedicated entity, has secured licensure as a Money Services Business (MSB) in Canada, demonstrating our ability to meet North American compliance benchmarks. We are actively aligning our frameworks with regulatory requirements in the US, UK, andEU as part of our global roadmap.
• Audit & Oversight: Our operations are subject to regular independent audits. Our Board of Directors maintains direct oversight of the compliance function, ensuring that risk management is independent of revenue objectives.

2. Financial Crime Prevention (AML/CFT)

We enforce a Zero-Tolerance Policy regarding Money Laundering (ML), Terrorist Financing (TF), and Sanctions Evasion. Our program is built on the FATF Recommendations and the Wolfsberg Group Principles.

• Global Sanctions Screening: Every transaction—domestic or cross-border—is screened in real-time against major global watchlists, including:
  • OFAC (US Treasury)
  • UN Security Council Consolidated List
  • EU Consolidated List
  • HMT (UK)
  • SIC (Special Investigation Commission) Lebanon local lists.

• KYC & Lifecycle Management: We employ a dynamic Know Your Customer (KYC) model. Beyond initial identity verification (Government ID, Biometrics), we perform ongoing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) for high-risk profiles or politically exposed persons (PEPs).
• Institutional Cooperation: We maintain an open, cooperative channel with the Special Investigation Commission (SIC) and other relevant Financial Intelligence Units (FIUs), filing Suspicious Transaction Reports (STRs) proactively when high-risk indicators are detected.

3. Technology & Risk Architecture

We do not rely solely on manual review. Our compliance is powered by an advanced technological infrastructure.

• AI-Driven Surveillance: Our proprietary transaction monitoring engine uses machine learning to detect behavioral anomalies, structuring (smurfing),and complex fraud patterns in milliseconds.

• The "Three Lines of Defense" Model:
  1. Operational Controls: Automated system limits (velocity, volume, and value caps) embedded at the point of transaction.
  2. Risk Management: A dedicated compliance team that reviews flagged activities and manages regulatory change.
  3. Internal Audit: Independent assurance that tests the effectiveness of our controls.

4. Trusted Global Ecosystem

Our compliance maturity is validated by our integration with the world’s leading financial networks. Whish Money has passed the rigorous due diligence of Tier-1 global partners and independent audit firms. These entities confirm that our control environment meets the highest international standards for counter-party risk.

5. Data Privacy & Cybersecurity

We treat customer data as a critical asset. Our cybersecurity framework aligns with global best practices to ensure data sovereignty and integrity.

• Encryption: All sensitive data is encrypted at rest and in transit.
• Access Rights: Strict role-based access controls ensure that customer data is accessible only to authorized personnel for legitimate business purposes.
• Transparency: We are committed to transparency regarding how data is collected, used, and stored, adhering to applicable data protection laws in every jurisdiction where we operate.