External AML & ongoing compliance

A licence is granted once; staying in good standing is continuous work. For licensed and SRO-affiliated firms too small to justify a full internal compliance department, we run that work as a retained function: the risk analysis and policies, KYC, transaction monitoring, the AML-officer role, and the annual SRO or Supervisory-Organisation audit, handled month to month. Outsourcing transfers the work, not the firm’s responsibility, so we structure the retainer to genuinely operate, not sit as a name on a form.

At a glance

The compliance function, retained.

Policies, monitoring, KYC and the annual audit, run month to month, so the licence stays in good standing.

  • For: Licensed & SRO-affiliated firms
  • Covers: AML officer, monitoring, KYC, audit
  • Basis: Defined monthly / annual scope
  • Responsibility: Stays with the firm’s board
  • Goal: Good standing, year after year
The essentials

What a retained compliance function is

It is the ongoing regulatory work of a licensed or AML-affiliated firm, run for it on a retainer: the risk analysis and policies, KYC and onboarding, transaction monitoring, the AML-officer role, and preparation for the periodic SRO or Supervisory-Organisation audit. The authorisation is granted once; good standing is continuous. Outsourcing transfers the work, never the firm’s ultimate responsibility, so the function has to genuinely operate.

Who this is for

  • portfolio managers and trustees under a Supervisory Organisation;
  • SRO-affiliated financial intermediaries;
  • payment and crypto businesses with heavy AML duties;
  • newly licensed firms needing a function from go-live.

Where it fits

It continues directly from an asset-manager licence or SRO membership, runs the conduct regime behind FinSA registration, and shares the discipline of our AML practice.

The boundary

Retain, hire, or share: which fits

An external function is not right for every firm. The choice turns on size, activity and the depth of the obligation, and we are honest about when an internal hire is the better answer.

A retained function usually fits

Ongoing obligations without an internal department

  • Smaller licensed firms: where a full internal compliance team is disproportionate.
  • Newly licensed firms: needing the function operational from go-live, with no gap.
  • SRO-affiliated intermediaries: with AML duties but limited internal capacity.
  • Firms we licensed: continuing without a break from the authorisation we built.

A hybrid may be better

  • An internal officer supported by our external expertise
  • We cover monitoring and audit; the firm owns day-to-day

An internal hire may be right

  • Larger firms with the volume to justify a full department
  • Models needing a dedicated officer embedded in operations

We say when an internal hire fits better: the point is coverage that works, not selling a retainer.

How it runs

From handover to audit cycle

A clean handover into a continuous function, with no period where the obligations are unowned. Per-step timings are indicative.

  1. Week 1–2

    Review & scope

    Understanding the firm’s activity, risk and supervisory status, reviewing the existing framework, and fixing the retainer scope in writing.

  2. Week 2–4

    Handover & gaps

    Taking over the policies, monitoring and files, closing any gaps, and establishing the AML-officer authority and reporting lines.

  3. Ongoing

    Run the function

    KYC, transaction monitoring and alerts, suspicious-activity reporting, regulatory-change tracking, and reporting to management.

  4. Annual

    Carry the audit

    Keeping the firm audit-ready, preparing the audit file, engaging the SRO or Supervisory-Organisation auditor, and addressing findings.

  5. Continuous

    Keep good standing

    Maintaining the framework as the firm and the rules evolve, so the licence stays in good standing year after year.

Budget

What it costs

A defined monthly or annual fee against an agreed scope and activity profile, so compliance is a predictable cost rather than the expense and uncertainty of building a department. The level reflects the firm’s activity, transaction volumes and supervisory status: a high-volume payment business carries more monitoring than a small portfolio manager. The real comparison is not retainer-versus-nothing but retainer-versus-internal-hire, and for many firms the retained function is both cheaper and more capable.

We quote the retainer in writing against your specific profile. Official SRO, Supervisory-Organisation and FINMA fees are separate.

What you need

What a real retainer requires

A retained function that genuinely protects the firm rests on:

  • a defined scope matched to the firm’s activity and supervisory status;
  • genuine authority and access for the external AML officer;
  • management staying informed, engaged and ultimately responsible;
  • monitoring and reporting that are actually performed and evidenced;
  • continuity from go-live or a clean handover, with no coverage gap.

Outsourcing transfers the work, not the responsibility

The dangerous misunderstanding is that appointing an external compliance function makes compliance someone else’s problem. It does not: the firm’s board and management keep the ultimate legal responsibility, and a retainer that is merely a name on a form, with no real monitoring, no engaged management, no evidence, leaves the firm exposed despite the cost, and is what an auditor or supervisor sees through. A real retained function has genuine authority, performs the work, evidences it, and keeps management informed enough to discharge their duty. We structure it that way deliberately, because a compliance function that only looks like one is worse than useless: it is a false sense of security.

Why Goldblum

The function, genuinely run

The value is a compliance function that genuinely operates and keeps the licence in good standing, continuing without a break from the authorisation we built, or taken over cleanly. That is the part we have done since 2014.

10 yrs

Recognised by IFLR1000

IFLR1000, a leading international directory of financial and corporate practices, has recognised us for a decade for banking, finance and regulatory work.

Continuous

Straight from the licence

For firms we licensed, the function runs from go-live exactly as the application promised the supervisor: the approved set-up is the one that operates.

Real

A function, not a name

We structure the retainer so the work is genuinely performed and evidenced, and management can demonstrate its responsibility is met, not a form filled in.

Related

Next in this practice

AML affiliation

SRO membership

The affiliation whose ongoing AML obligations the retained function then carries.

Portfolio managers

Asset manager licence

The licence the retained function continues from, running the compliance set-up from go-live.

AML practice

AML & compliance

The wider anti-money-laundering practice this retained function draws on.

FAQ

External AML & ongoing compliance: FAQ

01. What does a retained compliance function actually do?
It runs the ongoing regulatory obligations of a licensed or AML-affiliated firm so the firm does not have to build and staff that function internally. In practice that means maintaining the policies and the risk analysis, operating KYC and onboarding, running transaction monitoring and handling alerts, acting as or supporting the AML officer, preparing the firm for its periodic audit, tracking regulatory change, and keeping the compliance calendar. The licence or SRO membership is granted once; staying in good standing is continuous work, and that continuous work is what a retainer covers. We carry it month to month, so the obligations are met without the firm standing up a full internal team.
02. Who needs an external compliance and AML officer?
Smaller and mid-sized financial firms for which a full internal compliance department is disproportionate, and firms that want independent, expert coverage of an obligation they cannot afford to get wrong. Portfolio managers and trustees supervised by a Supervisory Organisation, SRO-affiliated financial intermediaries, payment and crypto businesses, and newly licensed firms all carry ongoing AML and compliance duties that have to be performed by someone competent. Building that capacity internally is expensive and hard to staff; outsourcing it to a retained function is often the proportionate answer. We assess whether an external function fits your size and activity, and where an internal hire is the better route, we say so.
03. Can the AML officer role be outsourced?
Yes. Swiss financial firms can appoint an external party to act as, or to support, the anti-money-laundering officer, provided the arrangement gives that person the necessary authority, access and independence, and the firm’s management retains ultimate responsibility. Outsourcing the role is common and accepted, particularly for firms below the size where a dedicated internal officer is justified. What matters is that the function is genuinely performed: monitoring run, alerts cleared, suspicions reported, management informed, not merely named on paper. We take on the AML-officer role, or support an internal one, with the authority and access the role requires to be real rather than nominal.
04. How does this relate to the SRO or Supervisory Organisation audit?
The retained function prepares the firm for, and carries it through, the periodic audit that its SRO or Supervisory Organisation conducts. Every AML-affiliated or licensed firm is audited on a risk-based cycle (its policies, its monitoring, its files and its overall compliance examined), and a poor audit can mean findings, conditions or worse. A retained compliance function keeps the firm continuously audit-ready rather than scrambling before each review: the documentation current, the monitoring evidenced, the files in order. We prepare the audit file, engage with the auditor, and address findings, so the audit confirms a working compliance set-up instead of exposing gaps.
05. Is this the same as your AML officer outsourcing for unlicensed firms?
It is the same discipline applied at the regulated level. Our AML compliance practice covers the AML function broadly, including for businesses whose only regulatory touchpoint is anti-money-laundering. This retainer is the financial-regulation version: the ongoing compliance and AML function for licensed and SRO-affiliated firms, where the obligations sit inside a FINMA licence, a Supervisory-Organisation relationship or SRO membership, and where the audit and supervisory dialogue are part of the picture. The two overlap in the AML mechanics but differ in the regulatory weight around them. We scope the retainer to your actual supervisory status, so it covers what your particular authorisation requires.
06. What is included in the retainer?
A defined scope, set to the firm’s activity and supervisory status. Typically it covers maintaining the AML risk analysis and the policy suite; KYC and onboarding support; running transaction monitoring and clearing alerts; acting as or supporting the AML officer; handling suspicious-activity reporting to the authorities; tracking regulatory change relevant to the firm; preparing and carrying the annual SRO or Supervisory-Organisation audit; and reporting to management. The exact mix depends on the firm (a payment business is monitoring-heavy, a trustee file-heavy), so we define the scope rather than offering a one-size package. What is in and out is agreed in writing at the outset.
07. Does outsourcing compliance remove the firm’s responsibility?
No, and any provider who suggests otherwise is misleading you. Outsourcing the compliance and AML function transfers the work, not the ultimate legal responsibility, which remains with the firm’s board and management. That is why the arrangement has to be real: the external function must have genuine authority and access, management must stay informed and engaged, and the documentation must show the obligations actually being met. A retainer that is a name on a form, with no real monitoring behind it, leaves the firm exposed despite the cost. We structure the retainer so the function genuinely operates and management can demonstrate it has discharged its responsibility, because that is the point of it.
08. How quickly can a retained function take over?
For a firm that is already licensed or affiliated, a handover of a few weeks is usual: reviewing the existing framework, identifying gaps, and taking over the running functions. For a newly licensed firm, the retainer often follows straight on from the licensing project, so the compliance function is operational from go-live with no gap. The transition involves understanding the firm’s activity and risk, taking on the policies and monitoring, and establishing the reporting lines to management. We aim for a clean handover with no period where the obligations are unowned, because a gap in compliance coverage is itself a risk that supervisors and auditors notice.
09. Can you run compliance for a firm you also licensed?
Yes, and it is a natural continuation. When we have built a firm’s licence or SRO affiliation, we already know its activity, its risk profile and the framework we designed for it, so taking on the ongoing compliance function is efficient and continuous: the function operates from go-live exactly as the application promised the supervisor it would. Equally, we take on firms we did not license, beginning with a review of the existing framework. Either way, the goal is continuity: the compliance set-up described to FINMA or the SRO is the one that actually runs, year after year. We carry the function so the licence stays in good standing rather than drifting from what was approved.
10. How is the retainer priced?
As a defined monthly or annual fee against an agreed scope and activity profile, so the firm has a predictable compliance cost rather than the expense and uncertainty of building an internal department. The level reflects the firm’s activity, transaction volumes and supervisory status (a high-volume payment business carries more monitoring than a small portfolio manager), and the scope is fixed in writing at the outset, with the official SRO, Supervisory-Organisation and FINMA fees separate. The comparison is not retainer-versus-nothing but retainer-versus-internal-hire, and for many firms the retained function is both cheaper and more capable. We quote the retainer against your specific profile.
11. Can Goldblum be our ongoing compliance function?
Yes. We act as a firm’s retained compliance function and external AML officer (maintaining the risk analysis and policies, running KYC, transaction monitoring and reporting, preparing and carrying the annual SRO or Supervisory-Organisation audit, tracking regulatory change, and reporting to management) on a defined monthly or annual scope. We do this for firms we have licensed, continuing straight on from authorisation, and for firms we did not, after a review of the existing framework. The arrangement is structured so the function genuinely operates and management can demonstrate its responsibility is met. The aim is a licence kept in good standing year after year, without the cost of a full internal department.

Send us your enquiry

Describe your situation in a line or two. A partner replies within one business day, in English, German, French, Spanish or Italian. The first conversation is free and carries no obligation.