K33 uses n8n to automate compliance and anti-money laundering workflows

Background

K33 is a Norway-based cryptocurrency exchange and broker that serves high net worth individuals, corporate clients and financial institutions across Europe and beyond. Unlike retail-focused exchanges with hundreds of thousands of users, K33 focuses on a smaller number of clients with large order sizes, providing a highly personalized and trust-driven service. The company is owned by K33 AB, a publicly listed entity on Nasdaq First North Stockholm, which means the team of around 10 people carries the regulatory obligations of a much larger organization.

Giuliano Ciccone, COO of K33, joined the company five years ago and oversees the company's operations. From his vantage point, the core challenge has always been to be compliant and to document that compliance. As a regulated entity, K33 must adhere to comprehensive regulation under MiCA, DORA, anti-money laundering (AML) regulations and more. This results in the need to orchestrate an ever growing list of processes, procedures and routines, all of which have to be documented and shared with relevant regulators, auditors, law enforcement and others. On top of that come the recurring tasks related to customer onboarding, ongoing monitoring and life cycle management. "Being an exchange and a broker is not the difficult part," Giuliano said. "The difficult part is managing and documenting compliance with ever increasing demands."

This regulatory burden consumes roughly 70% of the team's time. Every customer must be classified by risk level, monitored on a recurring basis, and re-verified at set intervals. High-risk customers require annual reviews, medium-risk every two years, and low-risk every three. Before adopting n8n, many of these processes were handled manually, creating bottlenecks, inconsistencies, and significant exposure to human error.

Challenge

Compliance held together by spreadsheets and memory

Before n8n, K33's compliance and onboarding workflows were chaotic. Customer data arrived via email, and operators had to manually enter it into the AML software. Risk assessments were documented in notes, but the formal classification step was sometimes forgotten. Consistency checks required someone to download CSV files and manually verify whether addresses, tags, and risk levels had been properly recorded for each client.

Small mistakes with serious consequences

The manual nature of these processes was not just slow, it was error-prone. Operators would complete a risk assessment and write up the rationale, but then forget to update the formal risk classification in the AML system. With a small team handling the obligations of a publicly listed, regulated company, even small mistakes could have serious consequences during audits.

Why cloud automation wasn't an option

K33 explored cloud-based automation tools but none of them met the company's strict compliance requirements. Every single workflow at K33 deals with customer private and sensitive data under GDPR regulation. Sending this data through third-party cloud services would make those providers sub-processors of customer data, creating unacceptable regulatory risk and added complexity. K33 needed a solution that could be fully self-hosted, tightly secured, and accessible only from company-issued devices.

Solution

Self-hosted by design

K33 deployed n8n as a self-hosted instance, restricted by IP, limited to company-issued devices, and protected by single sign-on. This architecture gave the team full control over customer data without introducing any third-party data processing risk. "With n8n, everything stays in our server, we are in control. Self-hosting takes a lot off our plate in terms of compliance and complexity," Giuliano explained.

Automating the full customer lifecycle

Using n8n, K33 built workflows that cover the entire customer lifecycle. The onboarding flow begins when a lead arrives through a web form. n8n qualifies the lead based on a questionnaire, automatically books a meeting with a client manager, and sends a rejection email via SendGrid if needed. From Slack, the manager can approve the lead, and n8n pushes the collected data into the AML software to begin the formal onboarding process.

Ongoing compliance on autopilot

For ongoing compliance, n8n manages periodic verification workflows. The system tracks each customer's risk tier and triggers KYC review reminders at the appropriate intervals. If a customer does not respond, n8n automatically restricts their trading account, sends escalation emails, and notifies the compliance team via internal communication. If the customer completes their review, n8n checks whether the account was merely restricted or fully terminated, and routes the case accordingly.

A custom node that changed everything

Giuliano also built a custom n8n node for the AML platform, which handles the complex authentication required by the AML software. This bespoke node allows non-technical team members to interact with the AML platform directly from n8n, performing operations like adding notes, updating tags, and changing risk classifications without needing to understand API authentication. "Our employees can just interact with our AML software without thinking about authentication or anything," he said. "That has changed things dramatically."

AI for smarter compliance checks

More recently, K33 began integrating AI into their n8n workflows. One use case involves fuzzy matching of customer names. When a client uploads their passport during onboarding and also confirms their name manually, an AI model in n8n compares the two and flags potential mismatches with a confidence score. Rather than relying on rigid rules, the system can suggest that a last name change might indicate a marriage and recommend reaching out to the customer. Another AI-powered workflow runs daily, comparing every client profile in the AML platform against K33's internal policies and flagging inconsistencies in an internal support channel.

Prototyping before committing

n8n also serves as a prototyping platform at K33. Instead of committing expensive developer hours to untested ideas, team members use n8n to build and validate workflows themselves. "Just create a workflow, prototype it, let's see where it fails," Giuliano tells his client managers. "And then maybe we elevate it to an actual development project."

Impact

A cultural shift, not just an operational one

The most significant impact of n8n at K33 is cultural. Before n8n, automation was something that happened behind closed doors, outsourced to consultants or developers. Team members could request a workflow but had no visibility into how it worked. With n8n, that dynamic has fundamentally changed. The visual, step-by-step nature of n8n workflows allows even non-technical employees to understand, build, and own their automations.

The head of compliance, who studied law and has no technical background, now independently explores n8n, watches tutorials, and builds workflows that interact with the AML platform's APIs. "Suddenly, people that study law are starting to click and drop and interact with APIs," Giuliano said. "Non-technical people are not scared of data anymore." This shift from passive consumers of automation to active builders represents the deepest change n8n has brought to K33.

Measurable time savings

On the operational side, the compliance verification workflow alone has saved the equivalent of more than a full-time employee. Tasks that previously took an hour per client are now handled automatically by n8n, with human intervention only required for escalated cases. Daily consistency checks that once consumed entire workdays now run as scheduled n8n jobs, flagging issues in internal communication channels for quick resolution.

Workflows that impress auditors

The visual interface of n8n has also proven valuable in regulatory contexts. When K33 presents its compliance processes to auditors, the team walks through the n8n workflows step by step, showing exactly how risk is mitigated at each stage. "When we show auditors that we're mitigating risk with this workflow, they love it," Giuliano noted.

Compliance and agility, together

By choosing n8n's self-hosted deployment, K33 maintains full data sovereignty while giving 80% of their employees the power to automate their own work. n8n has become the operational backbone of a small company carrying the regulatory weight of a publicly listed financial institution, proving that compliance and agility can coexist when the right platform is in place.