Regional compliance, line by line
Three regulators, one continuously updated public doctrine. Inopay is a technical intermediation provider. Orders are always executed by licensed SGIs.
CREPMF — WAEMU / BRVM
CREPMF general regulation, articles applicable to technical intermediation providers, BRVM listing rules, securities account-keeping rules.
Inopay is a technical intermediation provider. Orders are executed exclusively by CREPMF-licensed SGIs. The CREPMF 2026 Doctrine, published in Q1 2026, recognizes the portability of cryptographically-signed KYC and technical-provider status for actors such as Inopay.
Inopay prepares the KYC file, signs the client instruction and routes the request. The licensed SGI validates, executes on BRVM and holds the securities in the end client's name.
COSUMAF — CEMAC / BVMAC
COSUMAF general regulation, BVMAC listing rules, conditions of operation for market intermediaries in the CEMAC zone.
Inopay's position: order flow and securities account-keeping fall exclusively under COSUMAF-licensed SGIs. Inopay acts as a technical orchestrator without custody of funds or assets.
The Ed25519 portable KYC is carried by Inopay and accepted by partner SGIs under bilateral agreements. Any execution goes through the SGI, which remains the sole regulatory responsible party.
SEC Ghana — GSE
Securities Industry Act, GSE and SEC Ghana rules applicable to Licensed Dealing Members and third-party technology providers.
Inopay's position: Inopay operates as a technology service provider. Execution and custody fall under Licensed Dealing Members regulated by SEC Ghana.
Inopay provides the portable KYC, the order API and the SDK. The partner LDM retains regulatory responsibility for execution and custody of securities.
Cross-cutting block
Public policies applicable to Inopay and contacts of responsible teams.
AML/CFT policy
Inopay enforces an AML/CFT policy aligned with FATF standards and local requirements. Automated screening, transaction monitoring, documented escalation.
Read full policyIncident notification
Any security, compliance, or market incident is notified within 24 hours to the relevant regulators and impacted partner SGIs, in line with our incident playbook.
security@getinopay.comDPO & compliance team
The Data Protection Officer and compliance team handle GDPR requests and regulator inquiries.
dpo@getinopay.comcompliance@getinopay.comA regulatory question?
Our compliance team answers legal teams, regulators and SGIs within 48 business hours.
Contact compliance team