Compliance & Regulation
Last updated: 29 June 2026 · Operated by VirtuVault Technologies EOOD
This page is an overview of our compliance approach for prospective clients. It is not a regulatory disclosure document or legal advice. Regulated payment, e-money, account and card services are provided by Alpha Monnaies together with licensed banking and payment-institution partners, and are subject to eligibility, onboarding and the client agreement.
Alpha Monnaies is the trading name for the payments network operated by VirtuVault Technologies EOOD (Bulgaria, UIC 207524160), with operating offices in Switzerland and the United Arab Emirates. Compliance is not a feature we add at the end — it is the foundation of how we connect demanding, regulated businesses to Tier 1 banking infrastructure.
1. Our regulatory approach
Alpha Monnaies is a developer-layer payments technology provider — not a bank. We use cascading, redundant connectivity to integrate regulated banking and payment-institution partners, so clients reach multiple Tier 1 rails through a single relationship. Regulated activity is always performed under the licence of Alpha Monnaies and/or the relevant partner in each market. We design controls to meet the strictest applicable standard across the jurisdictions a payment touches.
2. Licensed partners & oversight
Depending on the service and corridor, activity is provided under frameworks including:
- European Union — Electronic Money Institution / Payment Institution rules under PSD2 and the e-money regime, with the Bulgarian operating entity subject to the Bulgarian National Bank and EU supervision.
- Switzerland — financial-intermediation requirements supervised under the FINMA framework.
- United Arab Emirates — the frameworks of the Central Bank of the UAE and, for virtual assets, VARA.
- Virtual assets — our affiliated VASP activity (the
bulto.ioservice) operates under applicable virtual-asset rules, the MiCA direction of travel in the EU, and FATF Travel Rule obligations.
We perform risk-based due diligence on our partners and review the chain of regulated responsibility for every product before it goes live.
3. Safeguarding client funds
Client funds handled through regulated partners are safeguarded or held in segregated accounts separate from our own operating funds, in line with applicable e-money and payment-services safeguarding requirements. Collection-account structures use named or designated accounts so that incoming funds can be attributed and reconciled to the correct client.
4. AML, CTF & sanctions
We operate a risk-based anti-money-laundering and counter-terrorist-financing programme, aligned with EU AML directives, Bulgarian AML law, and FATF recommendations. It includes:
- customer and beneficial-owner identification and verification (KYC / KYB);
- sanctions, PEP and adverse-media screening at onboarding and on an ongoing basis, including transaction screening;
- real-time and retrospective transaction monitoring for unusual or suspicious activity;
- source-of-funds / source-of-wealth checks where risk warrants;
- suspicious-activity reporting to the competent Financial Intelligence Unit, and record-keeping for the periods required by law.
We comply with UN, EU, Bulgarian, OFAC, UK OFSI, Swiss and UAE sanctions. The activities we will never support are set out in our Sanctions & Forbidden Activities Policy.
5. Onboarding & due diligence
Every client completes onboarding before any service is enabled. Higher-risk relationships — for example regulated brokers, gaming operators, virtual-asset firms, or structures involving PEPs — undergo enhanced due diligence, additional documentation, and senior sign-off, and may be declined. Due diligence is refreshed periodically and on trigger events throughout the relationship.
6. Industry-specific compliance
Different sectors carry different obligations. We tailor controls to each:
Brokers & CFD platforms — collection accounts
Named/segregated collection accounts and reconciliation support client-money handling expectations; we onboard only appropriately licensed brokers and monitor for client-money commingling risk.
iGaming & betting
We serve operators that hold the gaming licences required in the markets they serve, with controls supporting player-fund protection, geo-restrictions, and payout integrity.
Digital asset firms (VASPs)
Fiat rails for crypto businesses apply VASP-grade controls — blockchain-analytics screening, FATF Travel Rule data, and MiCA-aligned practices — alongside standard AML/CTF.
Spend management & cards
Card issuing follows scheme rules and PCI-aligned handling; spend controls, approvals and limits give clients auditable oversight of corporate expenditure.
Corporate FX & payouts
Currency conversion and bulk payments are executed within applicable conduct and best-execution expectations, with transparent pricing and full transaction records.
Business accounts
Multi-currency accounts with local IBANs are opened only after KYB, with ongoing monitoring proportionate to the client's risk profile and activity.
7. Data protection & security
Personal data is processed under the GDPR and Bulgarian data-protection law, as described in our Privacy Policy and Cookie Policy. Our technical and organisational security measures — and how to report a vulnerability — are described in our Security Policy. We run an information-security programme aligned to ISO 27001 and SOC 2 Type II control objectives.
8. Governance, audit & speak-up
Compliance is owned at management level, with clear roles for the MLRO / compliance function, independent review, and staff training. Anyone can raise a concern confidentially or anonymously under our Whistleblower Policy; we do not tolerate retaliation against good-faith reporters.
9. Talk to our compliance team
For compliance questions, due-diligence requests, or to discuss a regulated use case:
VirtuVault Technologies EOOD — Compliance
49A Bulgaria Blvd, fl. 1, Triaditsa, Sofia 1404, Bulgaria
Email: compliance@alphamonnaies.io