Compliance program · 2026 baseline
Compliance is the product.
Legal entity
Wavestar Holdings LLC
Jurisdiction
Wyoming · United States
Program owner
Chief Compliance Officer
Contact
compliance@wavestar.space
The posture
Financial-market-utility discipline from day one.
Program domains
0
AML, sanctions, BSA, data protection, trust, whistleblower, conflicts, modern slavery.
Regulatory tracks
0
FinCEN, SEC, CFTC, SEF/DCM — filed in parallel, not sequentially.
SOC 2 Type II target
Q3 2027
Full Trust-Services-Criteria audit. Independent CPA firm engaged Q1 2027.
ISO 27001 target
2028
Information-security management system certification tracking the SOC 2 audit window.
Index
The compliance documents.
- 01
AML / KYC
Customer Identification Program, beneficial-ownership collection under FinCEN BOI, customer due diligence tiers, transaction monitoring, and suspicious-activity reporting.
- 02
Sanctions / OFAC
Screening against OFAC SDN and consolidated EU/UK lists at onboarding, per-trade, and on material event. Jurisdiction embargoes and CAATSA compliance posture.
- 03
Bank Secrecy Act
BSA program documentation, SAR filing standards, currency-transaction reporting thresholds, record retention, and Travel Rule compliance for digital-asset rails.
- 04
Data Protection
GDPR Articles 6 and 9 lawful bases, CCPA/CPRA consumer rights, data-minimisation practice, breach notification, and the Data Protection Officer contact.
- 05
Trust Center
SOC 2 Type II roadmap, ISO/IEC 27001 certification schedule, semi-annual penetration testing, SIG Lite questionnaire, and vendor due-diligence packets.
- 06
Whistleblower
Confidential Speak-Up hotline operated by an independent vendor. Non-retaliation policy. Dodd-Frank Section 922 whistleblower protections preserved.
- 07
Conflicts & Ethics
Code of ethics, personal-trading policy, cooling-off periods, related-party transaction disclosure, gifts and entertainment limits, and political-contribution rules.
- 08
Modern Slavery
Annual statement under Section 54 of the UK Modern Slavery Act 2015. Supply-chain review, supplier code of conduct, and due-diligence methodology.
Vendor assessment
Request the compliance packet.
Prospective clearing members, institutional investors, and counterparty diligence teams can request the current compliance package under NDA — covering SIG Lite, penetration-test summary, BSA/AML policy, and sanctions screening procedures.