Capital Express reduces compliance processing time by 65% with abemonFLOW

The challenge

Capital Express is a fintech holding a payment institution license under PSD2, specializing in cross-border transfers and instant payments for European SMEs. Founded in Barcelona, the company had grown rapidly since launch, scaling from 200 to 1,200 corporate clients in two years. But the growth that had fueled their success was about to become their greatest threat.

The compliance team, composed of 4 people, manually handled KYC (Know Your Customer) processes, suspicious transaction monitoring, and regulatory reporting. Each new client required document verification involving cross-referencing information across 7 different sources: commercial registries, PEP (Politically Exposed Persons) databases, international sanctions lists, ultimate beneficial ownership verification, and tax documentation. The complete onboarding process for a single corporate client took between 3 and 5 business days.

But the real problem wasn’t just speed. The Bank of Spain had conducted a supervisory audit that identified deficiencies in compliance process traceability. There was no complete audit trail documenting who had reviewed what, when, and using what criteria. Suspicious transaction alerts were managed in shared spreadsheets. And the quarterly reporting to SEPBLAC (Spain’s financial intelligence unit) required weeks of manual preparation because data was scattered across multiple systems.

Capital Express needed to scale their transaction volume from 500,000 to over 3 million monthly to achieve profitability. But with current processes, every volume increase multiplied regulatory risk. Hiring more compliance analysts didn’t solve the fundamental problem: the lack of automation, traceability, and governance in regulatory processes. And the alternative of buying a SaaS compliance solution was prohibitively expensive for their volume and required adaptations that vendors weren’t willing to make for the Spanish market.

The solution

The 3-week Blueprint revealed the true scale of the challenge: 23 regulatory controls being executed manually, 7 disconnected data sources, zero automation in SEPBLAC report generation, and an incomplete audit trail that put the payment institution license at risk.

We designed a solution across four Engine layers, prioritizing compliance and traceability from day one:

Integration was the foundational layer. We connected the 7 external verification sources (commercial registries via API, PEP databases, OFAC and EU sanctions lists, identity verification providers, credit scoring services, and the Bank of Spain’s CIRBE system) into a unified data bus built on Kafka. Every query is logged with its timestamp, source, and result. When a source doesn’t respond, the system retries with exponential backoff and escalates to the team if it doesn’t get a response within the defined SLA. Bidirectional integration with Capital Express’s banking core enables verifications to launch automatically when a client begins onboarding or when a transaction exceeds alert thresholds.

Data unified the regulatory data model. Each client has a single record with their algorithmically calculated risk profile, verification history, aggregated transactions by period, and real-time compliance status. Regulatory business rules (transaction thresholds, suspicious patterns, high-risk countries) were modeled as configuration rather than code, allowing the compliance team to update them without deploying a new version.

Governance implemented the audit trail that the Bank of Spain had demanded. Every compliance decision, whether automatic or human, is recorded with full context: who made it, when, based on what information, and what the outcome was. SEPBLAC reports are generated automatically with pre-validated data. Compliance metrics (response times, false positive rates, screening coverage) are monitored on a dedicated dashboard with alerts when they deviate from target.

Orchestration automated end-to-end regulatory workflows. Onboarding a new client is no longer a manual task list but an orchestrated workflow that launches verifications in parallel, consolidates results, calculates the risk profile, and presents the analyst with a complete dossier for review. If everything is in order, the analyst approves with a single click. If there are issues, the system highlights them and suggests actions. Continuous transaction monitoring works on the same principle: the system detects, the analyst decides.

The results

The impact was measurable from the first month in production. The average compliance turnaround for new client onboarding went from 3-5 days to under 4 hours. Not because controls were relaxed, but because 80% of verifications now execute in parallel and automatically. The analyst spends their time evaluating results, not searching for information.

Transaction volume reached 3.2 million monthly without increasing the compliance team. Suspicious transaction alerts are now managed through an automated flow that filters false positives (which represented 70% of the previous volume) and presents the team only with cases requiring human analysis. The team of 4 analysts manages triple the volume with less stress and better accuracy.

The platform operates with 99.99% uptime in production, a critical requirement for a payment institution processing real-time transfers. The Kafka-based architecture guarantees that no transaction is lost, even during volume spikes or partial failures of external systems.

Time to market was 4 months, compared to the 12 months Capital Express had estimated for an internal build. The difference is explained by reuse of the Engine layers: integration with regulatory sources, workflow orchestration, and the governance framework already existed as proven components. What was built was the specific configuration for the financial use case, not the underlying infrastructure.

The next Bank of Spain audit closed all previously identified deficiencies. The audit trail is now complete, automatic, and queryable. The supervisor was able to verify in real time the traceability of any compliance decision from the previous 12 months.

Engine layers used

• Integration: Kafka data bus with 7 external regulatory sources, bidirectional integration with banking core, automatic logging of every query with SLA and retries
• Data: Unified regulatory data model with algorithmic risk profiles, business rules as configuration, complete verification history per client
• Governance: Complete audit trail for every compliance decision, automatic SEPBLAC report generation, regulatory metrics dashboard with alerts
• Orchestration: Automated KYC onboarding workflows, continuous transaction monitoring, alert management with intelligent false positive filtering