Compliance is our competitive advantage.

FluxPay was built compliance-first. Every merchant benefits from an institution-grade AML/CFT programme, DORA-compliant infrastructure, and transparent regulatory oversight.

Licensed, regulated, accountable.

FluxPay is operated by UAB FluxPayAI, incorporated in Lithuania (company number: 306367141, registered address: Gedimino pr. 20, LT-01103 Vilnius). The company is in the process of obtaining a Payment Institution licence from Lietuvos bankas under the Law on Payments of the Republic of Lithuania.

  • Your funds are held in segregated accounts, completely separate from FluxPay's own funds
  • We are subject to regular supervisory inspections by the Bank of Lithuania
  • Our AML programme is compliant with the 6th EU Anti-Money Laundering Directive (AMLD6)
  • We are in scope for DORA (Digital Operational Resilience Act) requirements

Three Lines of Defence

1st Line — Business Operations

Day-to-day transaction monitoring, merchant onboarding, and real-time fraud detection are the first checkpoint. Every member of the operations team is AML-trained and required to pass with a minimum 80% grade.

2nd Line — CCO & Risk Function

An independent Chief Compliance Officer (CCO) / MLRO operates with a direct reporting line to the Management Board. The CCO oversees the AML/CFT programme, sanctions screening, and regulatory reporting to Lietuvos bankas and the Financial Crime Investigation Service (FCIS).

3rd Line — Internal Audit

An independent internal auditor tests the entire compliance control environment on at least an annual basis, reporting findings directly to the Management Board.

Security

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.2+)

Infrastructure

Hosted on AWS with 99.9% SLA and multi-zone redundancy

Access Control

Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) enforced across all systems

Identity Verification

KYC powered by Ondato — liveness checks, document verification, UBO registry cross-matching

Penetration Testing

External pen tests conducted regularly

Incident Response

Major incident reporting in line with PSD2 and DORA requirements

Sanctions & AML Screening

FluxPay screens all merchants and transactions against:

  • EU Consolidated Sanctions List
  • UN Sanctions Lists
  • OFAC Specially Designated Nationals (SDN) List
  • National Lithuanian sanctions registers

Screening is automated and run daily. Any match triggers an immediate compliance review. We do not transact with sanctioned individuals or entities under any circumstances.