Compliance policy
Risk Acceptance
Our Risk Acceptance framework outlines the types of customers and activities we do not support, as well as the industries and jurisdictions that are subject to enhanced scrutiny. As a Sharia-compliant fintech, we apply both AML/CFT and Sharia screening.
1) Prohibited Activities
We do not onboard customers engaging in the following activities (non-exhaustive):
Sharia Prohibited - Industries (Haram)
- Alcohol (production, distribution, wholesale, and retail)
- Pork and pork-related products (including pork processing, sausage manufacturing, and pig farming)
- Gambling, betting, and games of chance
- Pornography, adult content, and escort services
- Cannabis and narcotics (including medical cannabis)
- Tobacco and vaping products
Bioethics & Human Genetics (Strictly Prohibited)
- Stem cell trading without strict medical, ethical, and regulatory oversight
- Embryonic stem cell research or commercialization
- Human cloning
- Genetic modification of humans
- Commercialisation of human organs or tissues
Financial Crime & Fraud
- Ponzi schemes, pyramid schemes, or HYIP (high-yield investment programs)
Any fraudulent or deceptive investment structures
Fraudulent Identification
- Fake references or ID-providing services
Unlawful Violence
Any business or organization that:
- Engages in, encourages, promotes, or celebrates unlawful violence or physical harm to persons or property
- Targets violence toward any group based on race, religion, disability, gender, sexual orientation, national origin, or other immutable characteristic
Prohibited Crypto-Related Activities
- Cryptocurrency mixing or tumbling services
- Privacy-enhancing services designed to obscure the origin of funds
- Yield farming or crypto investment schemes based on interest-like or guaranteed return structures
Financial Institutions (Not Supported)
- At this stage, our services are designed exclusively for non-financial businesses.
Accordingly, we do not onboard or provide services to financial institutions or entities whose primary activity involves regulated financial services. - The following categories of entities are not supported:
- Banks and deposit-taking institutions
- Digital banks and neobanks
- Payment Service Providers (PSP), Electronic Money Institutions (EMI), and Money Services Businesses (MSB)
- Remittance and money transfer companies
- Investment firms, brokers, and dealers in securities or derivatives
- Asset and portfolio management companies
- Collective investment schemes, funds, hedge funds, and similar vehicles
- Virtual Asset Service Providers (VASPs), crypto exchanges, and custody providers
- Insurance and reinsurance companies, including takaful operators
- Clearing, settlement, custody, or trust companies acting as financial intermediaries
This restriction is based on our current regulatory scope, risk appetite, and Sharia-compliant operating model. It does not imply that such entities are unlawful; however, they fall outside the scope of services we currently provide.
Important: inclusion above does not replace our case-by-case review. We may decline any customer that falls outside our risk appetite.
2) Our country risk framework comprises three layers:
FATF alignment. We consider FATF statements and publicly available FATF high-risk and increased-monitoring jurisdictions as part of our baseline AML/CFT framework.
Sanctions screening. We perform sanctions screening and ongoing monitoring against applicable sanctions measures, including UN sanctions and other sanctions regimes commonly required by our banking and payment partners.
Internal risk appetite. We may restrict additional jurisdictions based on internal country risk assessment, taking into account geopolitical, banking/partnering constraints, fraud and financial crime risks, and operational considerations.
We do not publish a fixed list of restricted jurisdictions. Decisions are reviewed periodically and updated as required.
3) Business Risk Rating
We apply a risk-based approach to customer onboarding. Some industries are classified as higher risk and are subject to Enhanced Due Diligence (EDD) and, where applicable, additional controls and limits.
| Rating | Description (non-financial businesses) |
|---|---|
| Low | Standard onboarding and monitoring. |
| High | Enhanced Due Diligence (EDD) required; additional controls/limits may apply. |
| Prohibited | We do not onboard these activities (see Prohibited Activities). |
Low- risk business must be:
- A clear and straightforward business model involving legitimate goods or services
- Transparent ownership structure with identifiable beneficial owners
- Verifiable source of funds, supported by contracts and invoices
- Operations conducted primarily in low-risk jurisdictions
- Predictable transaction patterns aligned with the stated business activity
- Limited or no use of cash transactions
- No involvement in high-risk industries or jurisdictions
Must not trigger any of these red flags:
- Newly established companies (≤ 12 months) without a solid business plan
- Limited online presence
- Operating in prohibited, medium- or higher-risk industries
- Payments to high-risk jurisdictionsOther red flags identified via compliance controls
High-risk business categories Affiliated with higher-risk countries and/or involved in:
- Trade-based and commodity businesses (e.g., precious metals, gemstones, import/export, multi-layered supply chains)
- Automotive and high-value goods (e.g., used cars, luxury goods, art)
- Real estate and property-related businesses
- Crypto-related (non-financial) activities (case-by-case, with strict transparency requirements)
- Cross-border businesses involving higher-risk jurisdictions
- Intermediary/agency models with unclear allocation of roles and responsibilities
- Newly established companies (≤ 12 months) without a solid business plan
License
Regulatory
Licensing
Shokran Group maintains an array of licensing and regulatory registrations across jurisdictions to support its activities.
Finvoka Payments Inc. (Canada) is a British Columbia corporation and is registered as a Money Services Business (MSB) with FINTRAC in Canada with MSB Registration Number: M23841914.
MSB Services Offered: Foreign Exchange, Money Transferring, Virtual Currency, Crowdfunding, PSP
MSB Initial Registration Date: 09/05/2023
MSB Registration Expiry Date: 30/04/2026
In addition, Finvoka Payments Inc. obtained a Canadian Payment Service Provider (PSP) licence under the Retail Payment Activities Act (RPAA) effective 8 September 2025.
ShokranPay Inc. (Labuan, Malaysia) is licensed by the Labuan Financial Services Authority (Labuan FSA) to carry on Labuan Islamic Money-Broking Business with Licence Number: MB/25/0130, dated 17 April 2025.
In addition, ShokranPay Inc. has been granted approval to operate as a Payment System Operator (PSO) in Labuan by Labuan FSA (approval letter dated 20 May 2025), pursuant to Section 136 of the Labuan Islamic Financial Services and Securities Act 2010 (LIFSSA).
