VASP scoring
Utilize public information about VASPs to complement internal risk policies.
For your convenience, Sumsub aggregates information about VASPs, such as their legal and regulatory status, countries the company operates in, and AML and proven scam data.
This data is obtained from various sources, such as:
- National corporate registers.
- Databases of all supervisory authorities that grant VASP licenses.
- FATF lists.
- National and international sanctions, warnings and regulatory enforcement, fitness and probity, PEP lists, adverse media.
- YouTube, user reports, scam-related Telegram groups.
- Scam-report services, client reports.
- And more.
The data is combined into a form so-called the VASP score. This score reflects potential risks posed by the target VASP and can be used as a guiding metric when you decide whether to transact with a specific VASP.
Note
The VASP score is only a complementary metric to be used with your internal risk-assessment mechanisms. It can not be treated as an independent risk score.
How it works
The VASP score is based on the following data points:
- Company status
- Company regulatory status
- Countries
- Counterparty risk score
- AML hits
- Evidence of scams
For each point, Sumsub collects the data from one or several partner sources and adjusts the VASP score accordingly:
|
Data point |
Description |
Data Source |
Risk factors |
VASP score |
|---|---|---|---|---|
|
Company status |
Shows whether the company is currently engaged in some business activity. |
Active |
0 |
|
|
Dormant |
30 |
|||
|
Company regulatory status |
Shows whether the company has a license for operations granted by local authorities and is obliged to operate within the framework of regulatory requirements. |
Licensed — the activity is regulated and the entity has a license. |
0 |
|
|
Regulated — the activity is regulated, the legal entity registered but does not have a crypto license. |
5 |
|||
|
Unlicensed — the activity is not regulated and/or a license of the entity does not cover crypto activity. |
10 |
|||
|
Countries |
Shows information about the country of the VASP and its subsequent classification. Crystal provides information about the registration country of the VASPs, where Sumsub takes this information and classifies them based on FATF Lists and Jurisdictions. FATF List is obtained from the FATF website. |
High Risk |
30 |
|
|
Grey List |
20 |
|||
|
Travel Rule |
0 |
|||
|
Other countries |
2 |
|||
|
Counterparty risk score |
Shows the regulatory status of the VASP and its subsequent classification. Crystal provides regulatory data about the VASP such as its license status, and based on that, Sumsub assigns a broad label. |
Green — assigned when a VASP is a licensed exchange, online marketplace, online wallet, P2P exchange (licensed), payment processor, or other. |
0 |
|
|
Yellow — assigned when a VASP is an ATM, unlicensed exchange, P2P exchange unlicensed, liquidity pool or newly added to the directory and there is not enough information about the VASP |
15 |
|||
|
Sumsub |
||||
|
Red — assigned when a VASP is a darknet marketplace, miner, sanctions, ransom, scam, seized assets, stolen coins, terrorism financing, mixing service, illegal service, gambling, fraudulent exchange, enforcement action, darknet service, child exploitation. |
30 |
|||
|
AML hits |
Shows if a match with the data of the UBO(s) or Director(s) of the Company was detected by the Partner in any of their AML data sources. |
PEPs — a match in the PEP sources. |
30 |
|
|
Sanctions — a match in a sanctions list published by international organizations or national governments. |
20 |
|||
|
Adverse Media — a match in some Adverse Media. |
15 |
|||
|
Warning — a match in a warning list published by national authorities. |
30 |
|||
|
Evidence of scams |
Show if any proven evidence of scam involving the target VASP is present. |
True |
20 |
|
|
False |
0 |
Note
When a new match is identified for a VASP, Sumsub reviews the new match as outlined above and reconsiders the assigned status and score (when needed).
Sumsub also automatically generates the Extended Essential Check Report containing all information collected via the Data Partners.
Get Started
To start using VASP score to filter out all VASPs that are within the specified score range:
- Create a rule as described in this article.
- Select the rule action as needed: Put On Hold, Reject, Approve.
- Set up the rule condition as
if: data.counterparty.institutionInfo.vasp.score is between:and specify the range. - Proceed with adjusting the rule and click Save when done.
- Ensure the rule you created is not in Test mode for immediate effect.
Now all transactions within the selected score range will be approved, rejected, or put on hold for manual review.
We recommend using the following reference when selecting the ranges for automated transaction approval/rejection:
| VASP score | Potential risk |
|---|---|
| < 10 | Low |
| 10 - 20 | Medium |
| 20 - 29 | High |
| > = 30 | Severe |
Updated about 1 month ago