Designing for Compliance Without Losing User Trust

Retail KYC onboarding for two regulated crypto launches — Australia (AUSTRAC + ASIC) and Europe (MiCA), designed in parallel.

// 2025 · UX + UI + Regulatory design · Mobile & web

// Role: Senior Product Designer — sole designer on the AU & EU flows, with 1 PM, a Compliance Officer and 5 engineers

// Scope: 0→1 KYC MVPs · ASIC investor assessment · existing-user migration

AU and EU KYC onboarding flow overview

01 · Context & stakes

Designs that went into a regulatory filing

Our exchange already had a large client base across Australia and Europe. In 2024 both regions introduced crypto KYC regimes requiring stricter Level 2 verification before derivatives trading — and without compliant onboarding, we risked losing access to two of our biggest markets. I owned the AU and EU onboarding end to end: turning shifting legal requirements into flows users could actually finish, fast enough to hit two regulated launch dates.

Before vs after the new regulations — a short shared flow becomes two divergent AU and EU journeys with knowledge tests, suitability assessments and risk disclosures

Before vs after the new regimes: a short shared flow had to expand into two divergent journeys — AU adds wholesale/retail gating and the ASIC suitability test; EU adds the MiCA knowledge quiz and risk disclosures.

The brief
"Build compliant onboarding for the EU and Australia — fast — without losing the users we already have." Not a pure UX project: the compliance team presented these flows as part of the regulatory submission itself.

02 · The problem

Two frameworks, two different design problems

AUSTRAC (Australia) and MiCA (EU) share the same intent — know your customer — but they pull the design in different directions. Treating them as one flow would have broken under either regulator; treating them as two unrelated products would have doubled the work and split the experience.

🇦🇺 Australia · AUSTRAC + ASIC

A legally fixed suitability test

  • Standard identity capture, but a retail vs. wholesale classification decides what a user can access.
  • ASIC's Product Intervention Order requires a mandatory suitability assessment before any retail user reaches leveraged products — covering leverage, margin, CFD mechanics and AU-specific rules.
  • UX tension: the questions are legally defined and can't be simplified or coached. Make them approachable without dumbing them down.

🇪🇺 Europe · MiCA

Risk disclosure as a real touchpoint

  • Similar base identity, plus mandatory PEP & sanctions screening and a structured investor risk classification.
  • Source of funds triggered at lower thresholds for certain transaction types.
  • UX tension: MiCA mandates risk warnings before key actions — they had to be genuine touchpoints, not dark patterns or legal footnotes.

03 · Approach

Benchmark, modularise, then iterate

a) Benchmarking & strategy

Before designing anything, I studied how five leading exchanges handle the same high-friction moments — tiered verification, benefit framing and knowledge testing. Two patterns held across all of them, and I carried both into the AU and EU flows.

  01. One question per page. Every exchange split dense, legally-worded questions into single focused steps instead of one long form — protecting comprehension where it legally mattered.
  02. Educate before you gate. A short guide or a clear benefit comparison softened the hard quiz, rather than dropping users into a pass/fail test cold.

b) Modular flow design — systematising for future markets

I didn't start with a system. The AU and EU flows were built in parallel under launch pressure, and every shift in requirements meant reworking screens by hand. The repeated structure only became obvious once both had shipped — so after launch I partnered with the product and design team to turn those hard-won patterns into a reusable modular KYC framework for the markets we'd expand into next.

Modular KYC framework — one shared global core with EU and AU regional branches, designed with the product and design team after launch as a template for expanding into future markets

Built after launch with the product and design team: a shared global core (in colour) with a regional branch per jurisdiction. Distilled from the AU and EU work, it became the team's starting point for future market expansion — a new market is a new branch, not a new flow.

c) Iterations & trade-offs

The assessment experience went through four iterations before it satisfied both compliance and completion:

Four iterations of the assessment screen — one-page scroll, one-question-per-screen, added pre-quiz guide, and AU dropdown branching

The four iterations side by side — each step traded a little speed for the comprehension and structural flexibility compliance and users both needed.

Two iterations were worth a closer look — one solved a structural problem with no precedent, the other was forced on us mid-build.

Iteration 3 — an AU Level 2 dropdown selector that branches verified users into separate retail and wholesale flows with different evidence and benefits

Iteration 3 — AU Level 2 user types. Wholesale and advanced-retail users had different requirements and benefits, with no existing pattern to follow. I added a user-type selector at the start of Level 2 that branches into the right flow — retail into the suitability test, wholesale into evidence upload.

Iteration 4 — a Month 1 to Month 3 timeline showing the identity flow redesigned repeatedly as AU and EU requirements changed on short notice

Iteration 4 — adapting to regulatory change. Requirements kept shifting during build, so the design was updated several times on short notice. Working directly with compliance and legal, I reshaped the flow each month — from a wireframe aligning understanding, to revised benefits, to the branched flow — without ever blocking delivery.

04 · Key decisions

Three tensions, resolved

Every meaningful decision on this project was a trade-off between what the regulator demanded and what the user could tolerate. Three mattered most.

Speed vs. clarity
Before and after the quiz redesign — a dense one-page scrolling quiz versus a focused one-question-per-page flow

Regulation vs. trust
Before and after — a hard quiz that ended in a fail state versus the same quiz preceded by an optional crypto guide that prepares novice users

Compliance signed off that a pre-quiz guide educates without steering users toward "correct" answers — so it shipped as a real UX feature.

Consistency vs. local rules
Reusable page modules — Forms, Questionnaire, Declarations and Upload Doc patterns shared across markets

Page modules: Forms, Questionnaire, Declarations and Upload Doc — composed differently per jurisdiction but built once.

Reusable component modules — landing pages, required-information blocks, and verification step states (not started, ongoing, verified, failed)

Component modules: landing pages, required-information blocks and every verification step state — reused so AU and EU stayed consistent without extra work.

05 · Deep-dive

The ASIC investor assessment

The hardest single screen-set in the project: a legally mandated suitability quiz retail users must pass before accessing derivatives. ASIC specifies the topics; the questions themselves are fixed and can't be paraphrased or omitted.

Tension 1

Legal fidelity vs. readability

The wording is locked — only visual presentation and pacing could change. So I changed everything around the words.

Tension 2

Education vs. testing

Regulators want genuine understanding, not guidance. No tooltips or inline hints on quiz questions — hence the separate pre-quiz guide.

Tension 3

Completion vs. integrity

Reduce friction, but never at the cost of the assessment's legal validity. Failure had to stay a real outcome.

AU verification flow — Level 1 standard verification through Level 2/3 with the crypto guide, ASIC knowledge quiz, and verified states

The assessment in context — Level 1 standard verification flows into the user-type branch, the crypto guide, the legally fixed quiz, and the verified state.

06 · Migration

Moving existing users into the EU entity

Standing up a new regulated entity meant existing users who wanted EU access had to be re-verified under MiCA — not handed a blank new account, but routed to the minimum additional verification needed while preserving what they'd already completed.

State mapping

Many starting points, one path each

Users sat at different verification levels. The flow had to read each starting state and ask only for what MiCA still required — never restart from zero.

Communication

Why you're being asked again

Careful writing: too alarming and users abandon; too casual and they ignore it. The message had to explain the why and the consequence of not acting.

Recovery

Partial completion is a real state

A user mid-migration sits across two entities. The design made that state transparent and recoverable rather than a dead end.

User migration flow from main exchange to EU entity

07 · Final solution

Final designs

Australia — AUSTRAC + ASIC

Step-by-step identity verification, a retail/wholesale dropdown that gates the assessment, then derivatives access or a spot-only path.

AU KYC MVP — basic identity verification, then the retail branch (suitability test) and wholesale branch (evidence upload) of the ASIC assessment

AU MVP: basic verification feeds a user-type dropdown that splits into the retail suitability test (Branch 1) and the wholesale evidence path (Branch 2).

Europe — MiCA CASP

Identity and document verification, PEP/sanctions screening, risk-disclosure acknowledgements, the educational guide and one-question-per-page quiz, with source-of-funds triggered by threshold.

EU KYC MVP — identity and document verification, declarations, the educational crypto guide, the one-question-per-page MiCA quiz, and source-of-funds upload

EU MVP: identity and document capture, declarations and risk disclosures, the educational guide, the one-question-per-page quiz, and threshold-triggered source-of-funds.

08 · Impact

Impact & outcome

Compliance secured

AU and EU flows cleared their regulators; the annotated designs went into the submissions.

Launched on time

Both markets went live on the planned schedule, despite requirements shifting mid-design.

Designed for trust

Educational framing was built to lower cold-start friction without weakening the assessment's legal validity.

Reusable model

The jurisdiction-template structure became the starting point for later regional rollouts.

09 · Reflection

What I learned — and what I'd do differently

Reflection
"The hardest part wasn't the regulation — it was making a legally fixed quiz feel humane without quietly coaching users toward the 'right' answer. I found that design space by sitting with the compliance officer, not working around them."