About Crypto Monitoring
Deter fraud and money laundering at every step of the user journey.
The Crypto Monitoring solution is part of Sumsub's Transactions monitoring for screening crypto wallet addresses and determining the values in the context of its risk.
As a crypto monitoring business, you will be able to:
- Protect your applicants from sending funds to hacked exchanges, darknet, and other risky sources.
- Prevent money laundering and terrorist financing.
- Comply with the regulator’s requirements.
- Complement internal risk policies related to crypto.
- Follow the Travel Rule FATF recommendations identifying risky wallet addresses or VASPs.
Crypto and Chainalysis rules
The Crypto rules are based on our natively integrated Crystal logic. They are intended to process transactions in crypto currencies and check the crypto currency exchanges.
The crypto rules can be customized for any of your business needs. All alerts with detailed explanations will be shown right in our Dashboard.
There are 4 pre-made rules in the Crypto bundle:
- Crypto Monitoring (Crystal): New Screening
- Crypto Monitoring (Crystal): Screening failed
- Crypto Monitoring (Crystal): High Risk
- Crypto Monitoring (Crystal): Privacy coin
The Chainalysis rules should be set up on your side in the Chainalysis dashboard. Then, we will get the signals from Chainalysis in accordance with the work of their system. To check out what exactly triggered an alert, you will need to navigate to the Chainalysis dashboard.
There are 3 pre-made rules in the Chainalysis bundle:
- Crypto Monitoring (Chainalysis): New screening
- Crypto Monitoring (Chainalysis): Alerts to review
- Crypto Monitoring (Chainalysis): High Risk
Both of the pre-made rule bundles can be found in the Rules Library section.
Compliance with Travel Rule
The crypto transactions exceeding a specific threshold will be screened on the risks associated with criminal financial activities, as is required in the FATF Travel Rule recommendation.
The Sumsub Travel Rule solution can be seamlessly implemented since it perfectly works with the rest of the products belonging to the Sumsub ecosystem, such as, for example — Transactions monitoring.
How it works
With the Crypto Monitoring solution, we offer two options for conducting the checks:
- Crypto monitoring via the Crystal provider (default) — our established partner that provides the information for estimating the risks of wallet addresses. All of the settings and results are available in our Dashboard.
- Crypto monitoring via Chainalysis.
For monitoring crypto via Chaninalysis, you can also link your Chainalysis credentials, so the risk estimation process could include the alerts from this provider.
Once the transaction is initiated, it will be processed and accompanied with a report containing the following check results:
- Transaction information
- Transaction crypto info (transfer details and destination address connections)
- Matched rules
- Applicant information
- Counterparty information
- Events
For crypto, the Transaction crypto info details are the most determining for checking the risks associated with the wallet addresses.
Note
This section is only visible for transactions monitored via Crystal. If you analyze your transactions by Chainalysis, you will need to go to the Chainalysis dashboard to see more details.
Tip
Learn more on how to create Chainalysis crypto transactions.
Transfer details
In Transfer details, Sumsub shows the transaction address and estimates the risk level and risk score for a particular transaction. Both values are calculated by Crystal and show whether the transaction might be considered risky due to the different factors indicating connections with criminal activities.
The Risk level and Risk score values are shown as follows:
- A score from 0 to 0.25 indicates the Low value in the Risk level field.
- A score from 0.25 to 0.6 indicates the Medium value in the Risk level field.
- A score from 0.6 indicates the High value in the Risk level field.
Destination address connections
The detailed information on percentage of transactions/exchanges with particular connections is shown in the Destination address connections section. There are the signals indicating the source of funds of a particular transaction.
The following table illustrates the response types that can be provided in the results:
| Signal name | Description |
|---|---|
| ATM | A cryptocurrency ATM operator. |
| Child Exploration | An organization which operates via darknets and is suspected of child abuse and exploitation. |
| Darknet Marketplace | An online marketplace which operates via darknets and is used for trading illegal products for cryptocurrency. |
| Darknet Service | An organization which operates via darknets and offers illegal services for cryptocurrency. |
| Enforcement Action | An entity is subject to legal proceedings. Jurisdiction will be annotated as a subtype. |
| Exchange Fraudulent | Exchange that was involved in illegal activity. |
| Exchange Licensed | An organization that is licensed to provide exchange services. |
| Exchange Unlicensed | An organization that is not licensed to provide exchange services. |
| Gambling | An online resource offering gambling services using cryptocurrency. |
| Illegal Service | A resource offering illegal services or engaged in illegal activities. |
| Liquidity Pools | Smart contracts where tokens are locked for the purpose of providing liquidity. |
| Marketplace | An entity offering legal services/trading goods for cryptocurrency. |
| Miner | An organization which utilizes its computing power for mining cryptocurrency blocks. |
| Mixing Service | A service for mixing funds from different sources to make tracing them back harder or almost impossible. It is mostly used for money laundering. |
| P2P Exchange Licensed | An organization that is licensed to provide P2P exchange services. |
| P2P Exchange Unlicensed | An organization that is not licensed to provide P2P exchange services. |
| Payment Processor | A service which acts as an intermediary between customers and the company which provides services for making a payment. |
| Ransom Extortioner | Extortioners demand payment in the form of cryptocurrency. |
| Sanctions | An organization that is found in sanctions lists. |
| Seized Assets | If the crypto is seized by the government, the default Risk Score is 0%. |
| Stolen Coins | Entities which have taken possession of someone else’s cryptocurrency by hacking. |
| Terrorism Financing | An organization which operates via darknets and is involved in terrorism financing with cryptocurrency. |
| Online Wallet | A service for storage and making payments with cryptocurrency. |
| Other | None of the specified entities above. It may include a subtype. |
Set up rules for signals
For each signal, you can set up a custom rule that will be triggered accordingly.
For instance, to configure a rule for the scam signal:
- Add a condition with the following Field expression:
preScoringContext.cryptoTxnInfo.signals.scam. - Add a value and determine its relation. For instance, a value of the
scamsignal equals to 0.01 or 1 in percentage.
When done, the rule from the example will be triggered during crypto monitoring if there is a 1 % chance of exposure associated with organizations scamming their customers.
The scam attribute is selected for demonstration here, you can put any signal from the list that you need.
Get started
To start using Crypto Monitoring:
- Install the Crypto or Chainalysis rule bundles or create a custom rule.
- Test your setup to double-check if the rules work as expected.
- Submit transactions using any of the following methods:
- Handle monitoring results using the webhooks or Dashboard functionality.
Note
When creating a custom rule for crypto, select the
financeortravelRuletransaction type.
To download the results in PDF, select a particular transaction in the Dashboard, click the kebab menu, and select Summary report.
Updated 21 days ago