Map your fund data flows in minutes
Fund administrators process investor data across multiple fund structures, jurisdictions, and third-party service providers. Clarium makes that complexity auditable — one register, every fund, always current.
How it works
From fund structure to JFSC-ready register in three steps
Document fund structures
Upload your fund prospectus, offering documents, or AML/KYC procedures — Clarium proposes structured Article 30 records for each fund and investor category.
Track third-country transfers
Map every transfer of investor data to fund managers, depositaries, and auditors in the US, Cayman, or Luxembourg. Article 46 mechanisms documented automatically.
Export JFSC-ready records
Generate a complete RoPA in PDF, CSV, or UROPA format — scoped to any fund structure or your full portfolio, ready for JFSC or JOIC review.
The challenge
Fund administration GDPR is not one problem — it's many
Each fund structure, investor category, and service provider relationship creates distinct processing activities. Generic tools treat them the same. Clarium doesn't.
Investor data spans multiple fund structures
Each fund — open-ended, closed-ended, UCITS, AIF — has different investor data flows, AML/KYC obligations, and third-party processors. A single register cannot treat them identically.
Global fund managers mean third-country transfers
Investor data flows to fund managers, depositaries, and auditors across the US, Cayman, Luxembourg, and beyond. Every transfer requires a documented legal mechanism under Article 46.
NAV and reporting data flows are often missed
NAV calculations, regulatory reporting, and performance data all involve personal data when tied to individual investors. These processing activities are frequently absent from fund admin registers.
How Clarium helps
A register built for how fund administration actually works
Fund-by-fund data flow mapping
Model each fund structure as a separate entity within your register. Capture the specific investor data flows, processors, and legal bases for each fund type — not a single generic entry.
Transfer mechanism documentation
Record the Article 46 mechanism for every third-country transfer — SCCs, BCRs, adequacy decisions. Your register becomes defensible evidence for JFSC and JOIC purposes.
AML/KYC processing documented correctly
Clarium maps AML and KYC processing to the correct lawful basis (legal obligation), retention schedules, and data categories. Generated from your existing policies and procedures.
Regulator-ready exports
Export your complete RoPA as PDF, CSV, or UROPA for JFSC, JOIC, or investor due diligence requests. Always reflecting the current state of your register.
From our clients
“Our JFSC RoPA submission was flagged as a model example. Clarium made the difference.”
Chief Operating Officer · Fund Administrator · Jersey
FAQ
Common questions
Do fund administrators need a GDPR Record of Processing Activities?
Yes. Fund administrators process significant volumes of personal data — investor KYC/AML records, beneficial ownership information, and contact data for fund managers and service providers. As data controllers (and often processors on behalf of fund structures), they must maintain an Article 30 register under UK GDPR and EU GDPR. The sensitive nature of investor data and the cross-border transfer obligations make a comprehensive register especially important.
How do we document investor data transfers to fund managers in the US or other third countries?
Any transfer of personal data from the UK or EU to a third country (such as the US, Cayman Islands, or BVI) requires a documented legal mechanism under Article 46 UK/EU GDPR. Standard Contractual Clauses (SCCs) are the most common mechanism. Your Article 30 register must record the destination country, the transfer mechanism used, and a reference to the relevant SCC or other safeguard for each transfer. Undocumented third-country transfers are one of the most common ICO audit findings for financial services firms.
What GDPR obligations apply to AML and KYC data collected from investors?
AML and KYC processing is carried out under a legal obligation (compliance with the Money Laundering Regulations). This must be documented in your Article 30 register with the correct lawful basis, the specific categories of data collected (identity documents, source of wealth, PEP/sanctions screening results), retention periods (typically 5 years post-relationship end under MLR 2017), and any processors involved in screening. Investors also have rights under GDPR — though the right to erasure is restricted where legal obligations require retention.
Start mapping your fund data flows today
30-day free trial. No credit card. Your first fund structure documented within the hour.