Funds-flow diagrams: an essential for fintech legal, risk & compliance

If you’re building payments, FX, cards, wallets, or stored value, your funds-flow diagram is the single most important artefact you produce. It’s how regulators, banks, auditors (and your own execs) decide whether your product is safe, compliant, and ready to scale. Get it right and approvals move; get it wrong and you’re in rewrite purgatory.

This guide shows you how to design funds-flow diagrams that are accurate, auditable, and decision-ready.

Why funds-flow diagrams matter

  • Regulatory classification. Who “holds” client money, when “relevant funds” arise, whether you need licenses (e.g., US MTLs, UK PI/EMI), and what safeguarding or trust constructs apply—all flow from the diagram.

  • Bank/processor due diligence. Sponsor banks and networks will use your diagram to test FBO/trust setups, settlement timing, and exception handling before they say “yes.”

  • Internal truth source. Legal, Finance, Ops, and Engineering all build their parts off this picture: contracts, ledger design, reconciliations, and code.

Rule 1: If your diagram and your contracts/ledgers disagree, the diagram is wrong—fix the product or fix the picture.

Core principles

  1. Truth over aesthetics. Clarity beats pretty. Label the legal holder of funds at every step.

  2. Separate money from messages. Show cash movement (solid lines) and instructions/notifications (dashed lines) distinctly.

  3. Time matters. Mark when funds move (T+0/T+1), cutoffs, and holding periods.

  4. Model normal + exceptions + failure. Include returns, chargebacks, reversals, rejected KYC, and partner downtime.

  5. Tie to evidence. Every box/arrow should map to a ledger account, a bank/processor statement line, and a contract clause.

  6. Version control. Date-stamp and link the diagram to the Product Requirement Document (PRD). No PRD → no build.

What every funds-flow diagram must include

  • Entities and roles (with legal names). Your UK subsidiary EMI? Your US program manager? The sponsor bank? Label each with regulatory status where it matters (e.g., “Authorized EMI (UK)”, “Sponsor Bank (US)”).

  • Accounts and titles. Bank name, account title, and nature (e.g., “Client Money Trust Account”, “FBO—Customer Ledger Segregated”). Add safeguarding/trust indicators.

  • Where funds sit, when, and who owns them. Explicitly show beneficial vs legal title, and when obligations to customers crystallise.

  • Settlement rails and timing. ACH/BACS/SEPA/Faster Payments/wires; batch vs real-time; weekends/holidays.

  • FX points. Where conversion occurs, who is the counterparty, which rate applies, and where spread/fees land.

  • Fees and deductions. Who charges whom, when, and against what balance (gross vs net settlement).

  • Exceptions. Returns (R-codes), chargebacks, insufficient funds, sanctions hits, unmatched funds, stale balances.

  • Reconciliation anchors. Show the daily recon boundary: bank statement → GL control accounts → customer sub-ledgers.

  • Customer outcomes on insolvency. Where do customers stand if any party fails? (UK safeguarding, trust deeds, AU client money constructs, etc.)

Layer your diagram (so different audiences can use it)

  • Level 1 – Business view (one page). Who pays whom, high-level timing, and what customers experience.

  • Level 2 – Ops & ledger view. Accounts, journals, reconciliation points, exception flows, and cutoffs.

  • Level 3 – Legal/regulatory overlay. Licensing perimeter, safeguarding/trust basis, relevant laws/policies (e.g., “UK: relevant funds → safeguarding within prescribed timeline”).

Each level references the others. Don’t cram everything into one spaghetti chart.

Notation that survives PDFs and printouts

  • Solid arrows = cash movement; dashed arrows = instructions/notifications.

  • Double-border boxes = accounts where client money is held/safeguarded.

  • Grey callouts = timing (T+0/T+1, cutoff 16:00 local).

  • Icons (optional) = rails (ACH, FPS), FX, fees, returns.

  • Legend on the page—never assume a reader knows your house style.

(If you rely on color, also use patterns/line styles for accessibility.)

Jurisdiction nuances to reflect in your diagram

United States

  • Who holds funds? If your sponsor bank is the holder of funds and you act as program manager/agent of the bank, show that clearly. If you hold or control funds, you may be in money transmission territory; structure and label appropriately.

  • FBO structures. Show FBO titling, sub-ledgering, and controls. Note return/chargeback flows (ACH R-codes, card chargebacks) and where liabilities sit.

  • Disclosures. Avoid implying deposit insurance or bank status if you are not a bank.

United Kingdom

  • Relevant funds & safeguarding. Indicate when funds become “relevant funds,” where they are safeguarded, the timing of daily segregation, and the acknowledgement letter with the bank.

  • Wind-down. Reference wind-down triggers and the insolvency outcome for customers in your Level 3 overlay.

  • Open banking (AISP/PISP). Separate data/access flows from money movement.

Canada

  • RPAA functions. If you perform a “retail payment activity” (e.g., holding funds, initiating, authorizing), show which functions you perform vs your partners. Note incident paths (operational disruptions, data breaches) and safeguarding if applicable.

  • FINTRAC AML. Mark onboarding/KYB, sanctions screening, and monitoring touchpoints (even if performed by a partner under reliance).

Australia

  • AFSL/CAR posture. If you “arrange” under a principal’s AFSL as a CAR, label the issuer/holder vs your role; avoid diagrams that imply you hold client money if you do not.

  • Client money/stored value. Where applicable, show trust/client money constructs and reconciliation cadence.

  • AUSTRAC AML. Mark designated services (remittance, FX) and KYC/SMR points.

New Zealand

  • FSPR & AML. Indicate registration/supervision and where AML controls sit. Be precise about who holds funds when partnering with NZ banks.

Red flags that sink diagrams

  • Commingling by omission. If operating funds and client money are in the same box, expect a stop.

  • “Marketing diagram” disease. Claims that you “safeguard like a bank” or “instant settlement” without caveats.

  • Unallocated funds. No path for unmatched inbound payments or stale balances.

  • Negative balances & recovery. No depiction of how you handle overdrafts/chargebacks/returns and who is liable.

  • Contract mismatch. Diagram says partner holds funds; your customer terms say you do.

  • No failure modes. Regulators and banks will ask, “What if the beneficiary bank rejects the payment?” Show it.

What reviewers want to see next

  • Bank letters & account titles. Safeguarding/trust/FBO acknowledgement letters that match your labels.

  • Reconciliation packs. A sample daily recon: bank statement → GL control → sub-ledger, with aging of exceptions.

  • Processor/network statements. Settlement timelines and return/chargeback data that match your arrows.

  • Contract extracts. Clauses on safeguarding, roles, liabilities, and reliance that mirror the flows.

  • Customer comms. Screens/terms showing accurate claims about who holds funds and how redemption/refunds work.

Bundle these in a due-diligence appendix linked from the PRD.

Bottom line

A good funds-flow diagram is not an illustration: it’s a design decision, a control, and an audit artefact. Treat it that way. Make legal title and timing unmistakable, show your exception handling, tie it to ledgers and contracts, and run it through a real sign-off. Do this, and your partners and regulators will spend their time discussing growth, not fundamentals.
