Master real risk, not declared risk.

The problem, seen from the African operator.

The terrain of international compliance has hardened massively since 2018. The correspondent banks of international financial centres now require African operators to meet AML/CFT standards comparable to those of their home jurisdiction. Secondary sanctions (OFAC, European Union) can strike without warning. Watch lists multiply. Transparency on beneficial owners is becoming a universal requirement.

Faced with this regulatory inflation, many African operators find themselves in a double bind. First bind: an imported compliance framework, copied from international standards without adaptation to the operational context, producing much paperwork and little real protection. Second bind: a cosmetic framework that ticks the formal boxes without changing practices — and therefore does not survive a serious audit by a correspondent bank or a foreign regulator.

The stake is not to produce more procedures. It is to build a just-sufficient and defensible framework: one that genuinely protects the organisation against critical exposures, is operationally sustainable, and can withstand an international audit.

The Hivesia approach.

1. Mapping real risks, not generic ones.

Every framework begins with a mapping specific to the real flows of the organisation: countries of operation, effective counterparties, sensitive sectors, political exposures. No copy-paste from generic templates.

2. Defensibility before an external audit.

The framework is only useful if it holds before an audit by a correspondent bank, a foreign regulator or a demanding investor. We always design with documentary traceability and argumentative defensibility in mind.

3. Proportionality as a design constraint.

A disproportionate framework is as dangerous as an insufficient one: it stifles operations, gets circumvented, ends up unapplied. We always calibrate to the closest fit — real risk level × available resources × applicable regulatory requirements.

4. Strict operational confidentiality.

On strategic investigations and whistleblowing frameworks, operational confidentiality is non-negotiable. Locked perimeter, dedicated teams, minimal internal traceability.

Our sub-expertise in risk & compliance.

International compliance.

Design and deployment of frameworks compliant with international standards: FATF (40 recommendations), OFAC and European Union sanctions, enhanced KYC requirements for politically exposed persons (PEPs), specific sectoral requirements (correspondent banking, mobile money, fintech). The typical deliverable includes the policy framework, operating procedures, control matrix, training plan and monitoring indicators.

Anti-money laundering and terrorist financing.

Robust and defensible AML/CFT frameworks: risk-based approach, counterparty classification, transaction-monitoring systems, declaration to financial intelligence units (CENTIF in Senegal, FIUs in other jurisdictions), alert management. Our methodology is calibrated to withstand an international correspondent-bank audit — the ultimate measure of defensibility.

Strategic risk management.

Systematic mapping of the organisation's exposures, classification by criticality and probability, design of mitigation frameworks, internal reporting mechanisms. Risks covered include: country risks, counterparty risks, reputation risks, sanctions risks, operational risks on sensitive projects.

Strategic investigations.

Verification of real economic identity (beyond official registries), tracing of complex ownership chains, detection of undeclared conflicts of interest, mapping of hidden capital ties. Always under strict non-disclosure, locked perimeter, dedicated teams. We are not a private intelligence agency and do not conduct judicial investigation — our remit is analytical.

Country risk analysis.

Structured reading of exposures on a target country or African regional perimeter: political risks (alternation, institutional instability), security risks (zones, sectors, populations), regulatory risks (normative changes, real enforcement), economic risks (FX, sovereign counterparties, macro exposure). Typical deliverable: a 15-25 page note with scenarios at 6, 12 and 36 months.

Methodology in four phases.

• 1 · Scoping the real risk perimeter. Identification of effective operational flows, effective counterparties, jurisdictions involved, applicable regulatory requirements. Written NDA before any substantive perimeter.
• 2 · Systematic mapping of exposures. Classification of risks by criticality × probability × regulatory requirements. A clear distinction between first-order risks and ambient noise.
• 3 · Design of the proportionate framework. Policy framework, operating procedures, control matrix, training plan, monitoring indicators. Always calibrated just-sufficient and defensible before an external audit.
• 4 · Support for deployment. Training of front-line teams, support on first real cases, continuous adjustments, preparation for anticipated external audits.

Typical use cases.

• Investment fund with African mandate — pre-acquisition due diligence. In-depth verification of an energy target: real political economy, hidden capital ties, sanctions risks, reputation exposure. Debrief within 21 days.
• African bank — overhaul of the AML framework for international correspondence. Design of a framework defensible before the requirements of the main USD correspondent. External audit prepared jointly.
• Extractive operator — mapping of country risks across 4 African jurisdictions. Structured note per country with scenarios at 6/12/36 months and observable markers. Quarterly update.

Anonymised references.