Wincent — Internal Brief

01 Company Overview

CompanyWincent — crypto / digital assets compliance firm

LocationPortugal

Company size❓ TBD — larger than 7 (verify directly)

Team affected7 people (6 active daily) — compliance/ops only

Entry pathReferral — Nicola Morfini

Key contactsMariana Costa (ops lead) · Charalampos Lazoglou · Veronika Gmiterko · Nicola Morfini

Decision processLegal officer + directors — board approval required

Temperature🟡 Warm — real pain, process buyer, no budget signal yet

ICP fitNot ICP — financial services hard fail. Custom build.

Proposal deadlineJune 5, 2026

02 Project Scope

What we are building: Wincent is a crypto compliance firm in Portugal. Their 7-person operations team has roughly 40 client onboarding processes open simultaneously — each one can run for months — all involving 6 disconnected tools — SamSap (client data), Asana (task tracking), Google Sheets (risk assessment), Elliptic (transaction monitoring), Fireblocks (trade registration), and Google Drive (document storage). None of these tools communicate with each other. Every time a client moves through onboarding, the team manually carries information from one system to the next. This costs them 5+ hours per day — around 80-90% of all onboarding work.

We are building a background automation layer that connects these 6 tools and keeps them in sync. When something changes in one system, the others update automatically. The team continues working in the same tools they use today — nothing changes on the surface. The engine runs invisibly behind it.

Tool stack — API feasibility

Tool	Role	API Status
SamSap	Client data repository	🔴 No public API found anywhere. Critical unknown — need docs or vendor contact before architecture can be finalised.
Asana	Project management	🟢 Fully public API, webhooks, OAuth 2.0
Google Sheets	Risk assessment	🟢 Sheets API v4, service account supported
Elliptic	Transaction monitoring	🟡 Public API confirmed (developers.elliptic.co), HMAC auth. Enterprise contract required. Alert suppression endpoint coverage needs verification under their contract.
Fireblocks	Trade registration	🟢 Public API, RSA JWT auth, webhooks v1+v2 confirmed
Google Drive	Document storage	🟢 Drive API v3, service account supported

What we build

① SamSap → Google Sheets risk assessment (auto-populate)

Client questionnaire responses automatically map to Google Sheets risk model fields. Eliminates manual copy-paste and scoring errors.

High potential

② SamSap → Elliptic (wallet auto-registration)

Client wallet addresses extracted from SamSap and automatically registered in Elliptic for transaction monitoring.

High potential

③ SamSap state → Asana task automation

When client completes a step in SamSap, the corresponding Asana task advances and is assigned automatically. Weekly status posts auto-generated from task state.

High potential

④ Automated client follow-up reminders

Daily job checks all ~40 active cases. When a client has pending documents, automated email reminder sent. Eliminates manual daily monitoring.

High potential

⑤ Elliptic smart filter / alert deduplication

Middleware between Fireblocks and Elliptic. Internal whitelist of cleared exposures suppresses duplicate alerts for already-reviewed risks.

High potential

⑥ Google Drive auto-filing

Documents and reports automatically filed to the correct client folder in Drive when milestones are reached.

Medium potential

⑦ Periodic review auto-creation in Asana

Risk rating + date in Excel triggers automatic Asana project creation at the scheduled review date (1-3 year cycle).

Medium potential

Out of scope

No new UI / case manager dashboard

Team stays in Asana and SamSap. If Wincent later wants a dashboard, that is a Phase 2 conversation.

Out of scope v1

No changes to Elliptic or SamSap configuration

We integrate via their APIs — we do not modify how they use those tools directly.

Out of scope v1

03 Confirmed Pains

Only what was explicitly said on the call. Nothing inferred.

Same client data entered manually into 4-5 systems after every SamSap questionnaire submission"A nossa ideia era que a partir do momento em que essa informação existe num sistema, pudesse ser atualizada noutros" — Ops Lead
No central view of onboarding status — team opens 4-5 tools to check one client"Idealmente algo acima de todos estes sistemas que fosse case manager" — Ops Lead
Duplicate Elliptic alerts for exposures already reviewed and cleared (e.g. Russia)"Nós não conseguimos fazer o whitelist dessa exposição que já identificamos" — Ops Lead
Weekly status reports across ~40 Asana projects written manually, one by one"Temos que vir aqui e fazer os posts dos estados — demora-nos muito tempo" — Ops Lead
Periodic client review dates set in Excel but Asana projects created by hand, months later"Temos que manualmente verificar e criar projeto no Asana para revermos o cliente" — Ops Lead
5+ hours/day manual labor across the 7-person team — 80-90% of onboarding is manual"Em todas as tarefas manuais no geral, sim nós passamos se calhar cinco horas por dia" — Ops Lead
No internal dev capacity — explicitly stated as a hard requirement for any solution"Não tínhamos essa capacidade de ter alguém que pudesse fazer essa continuidade" — Ops Lead

04 Build Cost

Assumes AI-assisted development (Claude Code + Codex). ~2x productivity multiplier applied to dev hours.

Role	Hours	Rate	Cost
Partners (consulting — kickoff, architecture, review, client calls)	10h	$200/h	$2,000
Dev — AI-assisted (traditional ~200h ÷ 2x multiplier)	100h	$60/h	$6,000
AI tooling — Claude Code Max + API overflow (~$800/mo × 2.5mo)	—	—	$2,000
Base build cost			$10,000
+25% custom premium (zero replicability — full cost on this client)			+$2,500
Total build cost			~$12,500 / €11,500

Top 2 unknowns that could move hours:
1. SamSap API type — if polling only (no webhooks), add ~20-30h. If no API exists at all, architecture changes significantly (hours TBD).
2. Google Sheets model — confirmed they use Sheets, not Excel. Sheets API v4 is clean, service account supported. Low risk, ~5-10h integration.

Complexity: Medium-High · Build estimate: 8-10 weeks · Dev profile: LatAm + AI-assisted

05 Pricing

Factor 2 — Client value

Client hidden cost~€40,000/yr (5h/day manual work across 7-person team)

Our price€14,400/yr (€1,200/mo × 12)

Client ROI1.8x — they save €25,600/yr net

Verdict✓ Passes

Factor 3 — Replicability

Pipeline demand: 0 clients — crypto/compliance vertical outside ICP. Full build cost on this client. Custom premium (+25%) already applied in Section 4.

Final pricing

Month 1 — Implementation (one-time)€4,500

Month 2 — Testing period€0

Month 3+ — Monthly subscription€1,200/mo

Annual equivalent€14,400/yr

Floor + margin check

Floor check (≥ €10K/yr)	✓ PASS — €14,400/yr
Y1 revenue	€4,500 + (€1,200 × 10mo) = €16,500
Y1 margin	€16,500 − €11,500 = +€5,000
Y2 annual profit (~€780/mo support cost)	~€6,600/yr
Client ROI	(€40K − €14.4K) / €14.4K = 1.8x ✓

06 Replicability

Module registry matchNone — custom build, outside all current modules

Pipeline demand0 clients — financial services not in ICP

Architectural reusePartial — orchestration patterns reusable in future builds

VerdictZero replicability. Price to full recovery.

Note for Raffaello: Outside ICP. Taking it because (1) the pain is real and well-scoped, (2) Nicola referral opens a warm channel into crypto compliance, (3) build cost is low with AI-assisted dev. Not a strategic pivot — a one-off. If a second compliance client appears, revisit building a module for it.

07 Deal Dynamics

Risks

Board approval process — 2-3 week delay between proposal and sign. Need proposal in their hands by June 5 to stay on track.

No budget signal — they have approved this type of spend before but we have no anchor. Proposal is the first data point for the board.

SamSap API uncertainty — if polling only, adds 20-30h. Must surface in Month 1 discovery to avoid post-sign surprises.

Zero replicability — if build slips to 3 months, margin disappears. Build timeline must be tight. No feature creep in v1.

Strong referral from Nicola — warm entry, trust already established. Not a cold outreach close.

They have bought software this way before — board process is known to them. No education required.

Data handling not yet scoped. Regulated crypto compliance firm processing client KYC data. Before finalising architecture, need to understand: data residency requirements, GDPR obligations, audit trail depth, MiCA-related constraints. One scoping question sent — if the answer is complex, it adds scope.

Why now

Team grew from 2 to 7 recently. Processes were never scaled. Only now that the ops team is large enough do they have the bandwidth to fix what they have been tolerating. Classic "now we have people to define processes" trigger.

08 Open Questions

Being sent to Ops Lead via external scoping doc. None block sending the proposal — scope caveat covers them.

#	Full question (sent to client)	Why it matters	Blocking?
1	Can you share SamSap's API documentation, or connect us with their technical team? We could not find public documentation anywhere.	Critical — architecture changes significantly if no API exists	Yes — scope caveat
2	Does your risk model need to stay in Google Sheets, or are you open to the same logic living inside the system we build?	~5-10h either way — Sheets API is clean. Low risk.	No
3	Can you confirm API access for Asana and Fireblocks?	Almost certainly yes — low risk	No
4	When your team clears an exposure, who should be able to add it to the whitelist? And at what level: per entity (e.g. "Gazprom"), per exposure type (e.g. "Russia country risk"), or per client-entity pair?	Affects filter engine complexity and admin UI scope	No
5	Roughly how many new client onboardings start each month? (We know you have ~40 active — we are asking about monthly intake going forward.)	Sizes the system correctly for growth	No
6	How would you describe Wincent's regulatory role? For example: crypto asset manager, broker, compliance service provider, or something else.	Audit trail requirements — affects v1 spec	No
7	Does your board have a preferred format for proposals? We typically send a web page but can export to PDF or Word if that works better for your approval process.	Proposal format for board submission	No
8	Do you have specific requirements for how client data is stored and handled — data residency, retention policies, or audit trail depth?	Architecture decision: EU-only infra, GDPR logging, MiCA compliance scope	No — but shapes v1 spec

09 Decisions Needed from Raffaello

Need answers before the proposal goes out. Please reply with yes/no or your pick on each.

Pricing OK? (€4,500 impl / €1,200/mo)

Built from the 3-factor model against €40K/yr client hidden cost. Y1 margin +€5K, Y2+ ~€6,600/yr. ROI check passes at 1.8x. If you think we can push given the board-approval process, we could go to €1,500/mo — still passes ROI at 1.5x.

Any concern on taking a non-ICP client?

Financial services is a hard ICP fail. Decision to proceed: referral quality (Nicola), low build cost (AI-assisted), clear scope, strong pain signal. Not a strategic pivot — a one-off. Flag if you see a risk I am missing.

Scope caveat wording OK?

"Pricing assumes API-based integrations across all 6 systems. Any scope adjustment identified during the Month 1 kickoff will be communicated within 5 business days before any additional cost is incurred." This protects us on the SamSap and data handling unknowns without alarming the client.