Getting Sonic Pay into the Central Bank of Bahrain regulatory sandbox
Co-founded and led the technical build for Sonic Pay, the only crypto aggregator authorized by the Central Bank of Bahrain (CBB) sandbox — bridging traditional fintech and crypto-native services.
Heads up: placeholder draft based on the public bio. AJ will refine and replace sensitive specifics — particularly around regulatory dialogue.
Challenge
We started Sonic Pay with a thesis: crypto rails are eventually going to matter to ordinary fintech in MENA, and the businesses that win will be the ones the regulator actually trusts. That trust takes years to build and zero shortcuts.
In practice the work was unglamorous: convince a major regional regulator (the Central Bank of Bahrain) that a crypto aggregator could operate safely, transparently, and with the same standards applied to any other licensed financial entity.
There is no template for this. The CBB sandbox is meant exactly for this kind of dialogue — but it expects you to come prepared with a real product, real controls, and real people who can answer questions in the language regulators actually use.
Approach
As Co-Founder and CTO I owned three things at the same time:
- Technical architecture. Custody model, on-ramp / off-ramp design, control plane, observability. The shape of the system had to be defensible to regulators before it was performant.
- Regulator dialogue. Translating between an engineering team building in days and a regulator operating in months. The trick is matching the regulator’s documentation cadence — neither getting ahead of it (looks evasive) nor lagging behind (looks unprepared).
- Team and capital. Hiring the kind of senior people who don’t mind that this is going to be a multi-year game, and structuring the capital base to support that.
The single highest-leverage decision was committing — early — to building the regulator interface like it was a product. Documentation, scenarios, control evidence. Not as a deliverable, as a living system. That changed how the conversation went.
Outcome
- Sonic Pay is the only crypto aggregator currently authorized by the CBB sandbox. That is the headline.
- A small, deliberately senior team running a regulated production system in a notoriously hard environment.
- An operating model that scales horizontally — other markets, additional asset classes — without rebuilding the regulator-facing layer.
Lessons that travel
- Regulators are users. Build for them like you would for any other power user.
- In MENA, “first” and “only” are durable moats. Until they aren’t. Use the time.
- Crypto and fintech are not the same business and not the same conversation. Pretending otherwise loses you the regulator.
This case study describes Sonic Pay, where I am Co-Founder and CTO. Sensitive specifics around technical architecture, security controls and regulatory correspondence are intentionally omitted.