ភាសាខ្មែរ — Khmer edition pending native editorial hire
WM

About William Mallett

Founder & Managing Director, CamFinTech

William Mallett founded CamFinTech to do the regulatory approval-navigation and compliance work that getting onto Cambodia's Digital Public Infrastructure rails actually requires — the layer that's unowned by law firms, system integrators, and the rails' own DIY channels.

About the practice

CamFinTech is a fee-only regulatory approval-navigation and compliance firm based in Phnom Penh. We get Cambodian and foreign FinTechs approved onto Cambodia's national rails — Bakong/KHQR (payments, NBC), CamDX/CamDigiKey (identity/data exchange, TSC), CamInvoice (e-invoicing, GDT) — and run the AML/CFT and governance programmes that keep them compliant. Trading as CamFinTech (legal entity CAMFINTECH CO., LTD pending registration).

We're structurally different from the firms most prospects compare us against:

  • We are not a law firm. Reserved legal work (opinions, regulator representation) routes to a Bar lawyer we coordinate; we run the surrounding programme.
  • We are not a system integrator. The technical build is delivered by accredited Service Providers (BanhJi, Innolab/Odoo, MAQSU, SAP/Crimson, KOSIGN, Metfone, GK-Smart); we coordinate the build and own the regulatory approval.
  • We are not a licensed financial operator. Fee-only. We never hold client funds and never operate a rail.

The moat — ex-regulator talent

CamFinTech's defensible space is the layer between "the regulator" and "the build." Applications fail on AML/CFT, governance, capital planning, and documentation — not code. Most FinTechs put engineers on regulatory problems they were never trained for. The fix isn't more engineering — it's people who've worked the regulator's side of the desk.

Our people have hands-on NBC, NBFSA, TSC, SERC, and GDT experience — a competency NBFSA's own 2024–2028 FinTech plan documents as scarce in Cambodia. We hire from the regulated-private side (mid-tier banks, MFIs, PSPs, accredited SPs) and from former-regulator advisors after a self-imposed cooling-off; we never engage current officials.

Operating discipline

Five rules that hold across every engagement, regardless of client or rail:

  • Fee-only. Professional fees for advisory and programme delivery — never commissions, never markups on partner invoices.
  • Never hold client funds. Funds flow through the licensed operator (the client's member bank, the licensed PSP), never us.
  • Never operate the rail. The client (or their sponsor) remains the licensed operator. We stay in the "assist" ring; reserved work routes to licensed partners.
  • Process competence, never access. Post-Huione, any hint of selling relationships is a reputational risk. We market our process; we don't market our contacts.
  • Pricing indicative. Every figure on our materials is a planning estimate, validated by quote at engagement scoping.

Voluntary TCRMG-2026 alignment

We hold our own operations to NBC's Technology and Cyber Risk Management Guidelines (TCRMG 2026) standards — voluntarily, as a non-BFI. Process competence isn't just what we sell. The compliance posture documentation set is available on request for BFI procurement conversations.

Background

[Bio in progress. Coming soon: William's professional background, prior engagements in Cambodian and ASEAN FinTech, and the specific regulatory expertise he brings to DPI approval-navigation work.]

Connect