{ "id": "casp-mica-compliance-operating-model-graph", "title": "MiCA CASP Compliance Operating Model Buyer Graph", "description": "Vendor-neutral, evidence-disciplined graph for MiCA-licensed or applicant Crypto-Asset Service Providers selecting compliance tooling and operating controls. Pure PI/EMI and Swiss FINMA GRC buyers are out of scope; CASP+EMI hybrids are flagged as an open perimeter question.", "layout": "cose", "lastReviewed": "2026-04-30", "evidenceCutoff": "2026-04-30", "nodes": [ { "id": "firm-casp-class-1", "label": "CASP-Class-1", "type": "firm-segment", "subtype": "limited CASP service stack", "summary": "Lower-complexity CASP buyer profile with narrower custody/exchange exposure.", "description": "Covers advisory, reception/transmission, placing or execution profiles where the buyer is not running the full custody-plus-exchange-plus-advice stack.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "buyer", "MiCA" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Confirm exact MiCA services and NCA transitional window before procurement." ] }, { "id": "firm-casp-class-2", "label": "CASP-Class-2", "type": "firm-segment", "subtype": "custody, exchange or transfer profile", "summary": "Intermediate CASP profile with materially higher AML, custody and transfer controls.", "description": "Covers CASPs holding client crypto-assets or processing exchange/transfer flows; Travel Rule, wallet-risk, sanctions and custody evidence become coupled.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "buyer", "custody", "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate whether safeguarding is CASP-only, outsourced, or through a CASP+EMI group structure." ] }, { "id": "firm-casp-class-3", "label": "CASP-Class-3", "type": "firm-segment", "subtype": "widest CASP control surface", "summary": "Highest-control-surface CASP profile: custody plus execution, exchange, platform and advisory obligations.", "description": "This is the buyer profile most likely to need layered IDV, blockchain analytics, Travel Rule, sanctions, case management, audit retention and DORA evidence.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "buyer", "largest-control-surface" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Grandfathering and authorisation queue timing must be checked NCA-by-NCA." ] }, { "id": "firm-casp-emi-hybrid", "label": "CASP+EMI hybrid", "type": "firm-segment", "subtype": "CASP with e-money or payment overlap", "summary": "Hybrid profile for groups touching both MiCA CASP services and e-money/payment rails.", "description": "Pure PI/EMI buyers are out of scope; hybrids need perimeter mapping for EMT issuance, fiat rails, safeguarding and crypto transfer duties.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30", "https://www.iso.org/standard/20022-1, accessed 2026-04-30" ], "tags": [ "buyer", "hybrid", "open-question" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Open question: CASP, EMI/PI, EMT issuer, distributor, or multi-entity group?" ] }, { "id": "regulator-esma", "label": "ESMA", "type": "regulator", "subtype": "EU securities markets regulator", "summary": "MiCA Level 2/3 and supervisory-convergence anchor for CASPs.", "description": "MiCA Level 2/3 and supervisory-convergence anchor for CASPs.", "url": "https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica", "evidence": [ "https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica, accessed 2026-04-30", "https://www.esma.europa.eu/sites/default/files/2024-12/List_of_MiCA_grandfathering_periods_art._143_3.pdf, accessed 2026-04-30" ], "tags": [ "MiCA", "Level 2", "Level 3" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Monitor MiCA Q&A, RTS/ITS updates and transitional guidance." ] }, { "id": "regulator-eba", "label": "EBA", "type": "regulator", "subtype": "EU banking authority", "summary": "MiCA ART/EMT anchor with adjacent effects for CASPs handling ARTs or EMTs.", "description": "MiCA ART/EMT anchor with adjacent effects for CASPs handling ARTs or EMTs.", "url": "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica", "evidence": [ "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30" ], "tags": [ "ART", "EMT" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "regulator-amla", "label": "AMLA", "type": "regulator", "subtype": "EU AML/CFT authority", "summary": "Incoming AML authority relevant to future direct-supervision selection.", "description": "Incoming AML authority relevant to future direct-supervision selection.", "url": "https://www.amla.europa.eu/index_en", "evidence": [ "https://www.amla.europa.eu/index_en, accessed 2026-04-30", "https://www.amla.europa.eu/amla-advances-preparations-2027-selection-exercise_en, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng, accessed 2026-04-30" ], "tags": [ "AML", "CFT" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Track 2027 selection exercise and direct supervision from 2028 for selected entities." ] }, { "id": "regulator-ncas", "label": "National Competent Authorities", "type": "regulator", "subtype": "generic member-state supervisors", "summary": "Generic node for NCAs; individual NCAs are intentionally not enumerated.", "description": "Generic node for NCAs; individual NCAs are intentionally not enumerated.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.esma.europa.eu/sites/default/files/2024-12/List_of_MiCA_grandfathering_periods_art._143_3.pdf, accessed 2026-04-30", "https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica, accessed 2026-04-30" ], "tags": [ "NCA", "authorisation" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Local authorisation sequencing, grandfathering and FIU mechanics remain NCA/member-state dependent." ] }, { "id": "regulator-fatf", "label": "FATF", "type": "regulator", "subtype": "global AML/CFT standard setter", "summary": "Global source for Recommendation 16 and VASP/virtual-asset AML guidance.", "description": "Global source for Recommendation 16 and VASP/virtual-asset AML guidance.", "url": "https://www.fatf-gafi.org/en/topics/virtual-assets.html", "evidence": [ "https://www.fatf-gafi.org/en/topics/virtual-assets.html, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "Travel Rule", "VASP" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "reg-mica-title-v", "label": "MiCA Regulation (EU) 2023/1114 — Title V", "type": "regulation", "subtype": "CASP authorisation and operating obligations", "summary": "Primary legal anchor for CASP authorisation and operating obligations.", "description": "Primary legal anchor for CASP authorisation and operating obligations.", "url": "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "MiCA", "CASP", "Title V" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Article 143 transitional measures and NCA authorisation queues are implementation risks." ] }, { "id": "reg-mica-title-iii", "label": "MiCA Regulation (EU) 2023/1114 — Title III", "type": "regulation", "subtype": "asset-referenced token issuer rules", "summary": "Adjacent anchor for ART issuers and CASP groups handling ART issuance or admission.", "description": "Adjacent anchor for ART issuers and CASP groups handling ART issuance or admission.", "url": "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "MiCA", "ART", "adjacent" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Flag only where the group issues, offers, admits or services ARTs." ] }, { "id": "reg-mica-title-iv", "label": "MiCA Regulation (EU) 2023/1114 — Title IV", "type": "regulation", "subtype": "e-money token issuer rules", "summary": "Adjacent anchor for EMT issuers and CASP+EMI overlap.", "description": "Adjacent anchor for EMT issuers and CASP+EMI overlap.", "url": "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "MiCA", "EMT", "hybrid" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Open question for CASP+EMI hybrids: issuer, distributor or payment-services perimeter?" ] }, { "id": "reg-amlr-2024-1624", "label": "AMLR Regulation (EU) 2024/1624", "type": "regulation", "subtype": "EU AML/CFT regulation", "summary": "Binding AML package anchor for future harmonised CDD, monitoring and risk controls.", "description": "Binding AML package anchor for future harmonised CDD, monitoring and risk controls.", "url": "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ], "tags": [ "AML", "CFT", "CASP" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Track application date, AMLA materials and NCA interpretation for CASPs." ] }, { "id": "reg-amld6-2024-1640", "label": "AMLD6 Directive (EU) 2024/1640", "type": "regulation", "subtype": "national AML/CFT transposition", "summary": "Directive anchor for national AML implementation and FIU-facing procedures.", "description": "Directive anchor for national AML implementation and FIU-facing procedures.", "url": "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ], "tags": [ "AML", "FIU" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "National transposition and FIU formats must be checked by member state." ] }, { "id": "reg-amla-2024-1620", "label": "AMLA Regulation (EU) 2024/1620", "type": "regulation", "subtype": "AMLA establishment regulation", "summary": "Institutional anchor establishing AMLA.", "description": "Institutional anchor establishing AMLA.", "url": "https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng, accessed 2026-04-30" ], "tags": [ "AMLA", "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Track whether large CASP groups become AMLA direct-supervision candidates." ] }, { "id": "reg-tfr-2023-1113", "label": "Transfer of Funds Regulation (EU) 2023/1113", "type": "regulation", "subtype": "crypto Travel Rule", "summary": "Direct EU anchor for information accompanying crypto-asset transfers.", "description": "Direct EU anchor for information accompanying crypto-asset transfers.", "url": "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "Travel Rule", "TFR" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Sunrise issue and non-custodial wallet handling remain operationally material." ] }, { "id": "reg-dora-2022-2554", "label": "DORA Regulation (EU) 2022/2554", "type": "regulation", "subtype": "ICT operational resilience", "summary": "ICT operational resilience anchor for CASP operating models.", "description": "ICT operational resilience anchor for CASP operating models.", "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "DORA", "ICT" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Compliance vendors can be material ICT third-party dependencies." ] }, { "id": "reg-eidas2-2024-1183", "label": "eIDAS 2 Regulation (EU) 2024/1183", "type": "regulation", "subtype": "digital identity and trust services", "summary": "Adjacent anchor for digital identity wallet and trust-service onboarding flows.", "description": "Adjacent anchor for digital identity wallet and trust-service onboarding flows.", "url": "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30" ], "tags": [ "identity", "eIDAS 2" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Track EU Digital Identity Wallet acceptance in remote onboarding." ] }, { "id": "std-fatf-r16", "label": "FATF Recommendation 16 and VA/VASP guidance", "type": "standard", "subtype": "Travel Rule standard", "summary": "Global Travel Rule methodology for originator and beneficiary information.", "description": "Global Travel Rule methodology for originator and beneficiary information.", "url": "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html", "evidence": [ "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/topics/virtual-assets.html, accessed 2026-04-30" ], "tags": [ "Travel Rule", "FATF" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-ivms101", "label": "IVMS 101", "type": "standard", "subtype": "InterVASP messaging data model", "summary": "Common data model for required Travel Rule party information.", "description": "Common data model for required Travel Rule party information.", "url": "https://www.intervasp.org/", "evidence": [ "https://www.intervasp.org/, accessed 2026-04-30" ], "tags": [ "Travel Rule", "messaging" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-trp", "label": "TRP — Travel Rule Protocol", "type": "standard", "subtype": "open Travel Rule protocol", "summary": "Open protocol option for Travel Rule data exchange between VASPs.", "description": "Open protocol option for Travel Rule data exchange between VASPs.", "url": "https://gitlab.com/OpenVASP/travel-rule-protocol", "evidence": [ "https://gitlab.com/OpenVASP/travel-rule-protocol, accessed 2026-04-30" ], "tags": [ "Travel Rule", "protocol" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-ofac-sdn", "label": "OFAC SDN and consolidated screening data", "type": "standard", "subtype": "sanctions data standard", "summary": "US sanctions-list data input for global screening programs.", "description": "US sanctions-list data input for global screening programs.", "url": "https://ofac.treasury.gov/sanctions-list-service", "evidence": [ "https://ofac.treasury.gov/sanctions-list-service, accessed 2026-04-30", "https://ofac.treasury.gov/faqs/topic/1641 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "sanctions", "OFAC" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-eu-consolidated-sanctions", "label": "EU consolidated financial sanctions list", "type": "standard", "subtype": "EU CFSP sanctions data", "summary": "EU sanctions-list data input for EU CASP sanctions screening.", "description": "EU sanctions-list data input for EU CASP sanctions screening.", "url": "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en", "evidence": [ "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "sanctions", "EU" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-iso27001", "label": "ISO/IEC 27001", "type": "standard", "subtype": "information security management system", "summary": "Security baseline for vendor and internal ICT assurance.", "description": "Security baseline for vendor and internal ICT assurance.", "url": "https://www.iso.org/standard/27001", "evidence": [ "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "security", "DORA" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-iso20022", "label": "ISO 20022", "type": "standard", "subtype": "financial message mapping", "summary": "Payments message standard relevant at CASP+EMI and fiat-rail intersections.", "description": "Payments message standard relevant at CASP+EMI and fiat-rail intersections.", "url": "https://www.iso.org/standard/20022-1", "evidence": [ "https://www.iso.org/standard/20022-1, accessed 2026-04-30" ], "tags": [ "payments", "hybrid" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-ietf-jmap", "label": "IETF JMAP", "type": "standard", "subtype": "JSON workflow reference", "summary": "Technical reference for structured JSON object workflows; not a MiCA mandate.", "description": "Technical reference for structured JSON object workflows; not a MiCA mandate.", "url": "https://datatracker.ietf.org/doc/html/rfc8620", "evidence": [ "https://datatracker.ietf.org/doc/html/rfc8620 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "identity", "technical" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "std-oidc", "label": "OpenID Connect", "type": "standard", "subtype": "identity layer", "summary": "Identity protocol reference for authenticated digital identity assertions.", "description": "Identity protocol reference for authenticated digital identity assertions.", "url": "https://openid.net/specs/openid-connect-core-1_0.html", "evidence": [ "https://openid.net/specs/openid-connect-core-1_0.html [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30" ], "tags": [ "identity", "OIDC" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Validate production support and mapping evidence before relying on the standard in an RFP." ] }, { "id": "ctrl-kyc-cdd", "label": "KYC/CDD onboarding", "type": "control", "subtype": "identity verification, source of funds and ongoing monitoring", "summary": "Lifecycle onboarding control covering IDV, risk rating, source of funds and refresh.", "description": "Lifecycle onboarding control covering IDV, risk rating, source of funds and refresh.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "KYC", "CDD" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Assess eIDAS 2 wallet acceptance and crypto-triggered EDD." ] }, { "id": "ctrl-sanctions-screening", "label": "Sanctions screening", "type": "control", "subtype": "list screening, fuzzy matching and escalation", "summary": "Control for screening customers, counterparties, wallets and transactions against sanctions/watchlists.", "description": "Control for screening customers, counterparties, wallets and transactions against sanctions/watchlists.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://ofac.treasury.gov/sanctions-list-service, accessed 2026-04-30", "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "sanctions" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require source-list timestamps, refresh cadence and false-positive management." ] }, { "id": "ctrl-transaction-monitoring", "label": "Transaction monitoring", "type": "control", "subtype": "rules, behaviour analytics and case management", "summary": "Control for detecting suspicious fiat and crypto behaviour through scenarios, models and case workflows.", "description": "Control for detecting suspicious fiat and crypto behaviour through scenarios, models and case workflows.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "AML", "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require explainable tuning evidence, typology updates and management information." ] }, { "id": "ctrl-wallet-attribution-risk", "label": "Wallet-address attribution and risk scoring", "type": "control", "subtype": "incoming/outgoing wallet risk", "summary": "Control for address attribution, clustering, exposure scoring, typology tags and blockchain coverage.", "description": "Control for address attribution, clustering, exposure scoring, typology tags and blockchain coverage.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30", "https://ofac.treasury.gov/sanctions-list-service, accessed 2026-04-30" ], "tags": [ "wallets", "blockchain analytics" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Do not accept unexplained risk scores; require methodology and confidence bands." ] }, { "id": "ctrl-travel-rule-routing", "label": "Travel Rule routing", "type": "control", "subtype": "originator/beneficiary messaging and counterparty handling", "summary": "Control for sending, receiving, validating and reconciling Travel Rule information.", "description": "Control for sending, receiving, validating and reconciling Travel Rule information.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30", "https://www.intervasp.org/, accessed 2026-04-30", "https://gitlab.com/OpenVASP/travel-rule-protocol, accessed 2026-04-30" ], "tags": [ "Travel Rule", "sunrise issue", "non-custodial wallets" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Sunrise issue: counterparties may not use the same provider. Non-custodial wallets need separate risk handling." ] }, { "id": "ctrl-sar-str-reporting", "label": "Suspicious activity reporting", "type": "control", "subtype": "FIU integration and narrative quality", "summary": "Control for escalating suspicious activity and producing FIU-ready SAR/STR narratives.", "description": "Control for escalating suspicious activity and producing FIU-ready SAR/STR narratives.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng, accessed 2026-04-30" ], "tags": [ "SAR", "STR", "FIU" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "FIU channels and filing formats remain member-state dependent." ] }, { "id": "ctrl-custody-asset-segregation", "label": "Custody-asset segregation", "type": "control", "subtype": "client-asset separation and key-management evidence", "summary": "Control for separating own funds, client funds, client crypto-assets and custody key evidence.", "description": "Control for separating own funds, client funds, client crypto-assets and custody key evidence.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "custody", "segregation", "MiCA Article 70" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "CASP Class-3 and custody-heavy Class-2 buyers have the widest evidence burden." ] }, { "id": "ctrl-mica-whitepaper-publication", "label": "MiCA whitepaper publication and notification", "type": "control", "subtype": "whitepaper filing and token-governance evidence", "summary": "Control for token whitepaper publication, notification and product governance where relevant.", "description": "Control for token whitepaper publication, notification and product governance where relevant.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30", "https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica, accessed 2026-04-30" ], "tags": [ "whitepaper", "MiCA" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Not every CASP is an issuer; clarify Title III/IV versus Title V ownership." ] }, { "id": "ctrl-ict-operational-resilience", "label": "ICT operational resilience", "type": "control", "subtype": "DORA register, incident and third-party concentration controls", "summary": "Control for ICT risk, incidents, resilience testing and third-party dependency governance.", "description": "Control for ICT risk, incidents, resilience testing and third-party dependency governance.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "DORA", "ICT" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Treat material compliance tools as DORA-relevant third-party dependencies." ] }, { "id": "ctrl-audit-trail-retention", "label": "Internal audit and audit-trail evidence retention", "type": "control", "subtype": "evidence retention, lineage and auditability", "summary": "Control for preserving defensible evidence across onboarding, alerts, investigations and filings.", "description": "Control for preserving defensible evidence across onboarding, alerts, investigations and filings.", "url": null, "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ], "tags": [ "audit trail" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Retention periods vary by data type, control and member state." ] }, { "id": "vendor-chainalysis", "label": "Chainalysis Inc.", "type": "vendor", "subtype": "blockchain analytics", "summary": "Blockchain analytics vendor.", "description": "Blockchain analytics vendor.", "url": "https://www.chainalysis.com/", "evidence": [ "https://www.chainalysis.com/, accessed 2026-04-30" ], "tags": [ "blockchain analytics" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-elliptic", "label": "Elliptic Enterprises Ltd", "type": "vendor", "subtype": "blockchain analytics", "summary": "Blockchain analytics vendor.", "description": "Blockchain analytics vendor.", "url": "https://www.elliptic.co/", "evidence": [ "https://www.elliptic.co/, accessed 2026-04-30" ], "tags": [ "blockchain analytics" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-trm", "label": "TRM Labs Inc.", "type": "vendor", "subtype": "blockchain intelligence", "summary": "Blockchain intelligence vendor.", "description": "Blockchain intelligence vendor.", "url": "https://www.trmlabs.com/", "evidence": [ "https://www.trmlabs.com/, accessed 2026-04-30" ], "tags": [ "blockchain intelligence" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-merkle", "label": "Merkle Science", "type": "vendor", "subtype": "blockchain analytics", "summary": "Blockchain analytics vendor.", "description": "Blockchain analytics vendor.", "url": "https://www.merklescience.com/", "evidence": [ "https://www.merklescience.com/, accessed 2026-04-30" ], "tags": [ "blockchain analytics" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-notabene", "label": "Notabene Inc.", "type": "vendor", "subtype": "Travel Rule", "summary": "Travel Rule vendor.", "description": "Travel Rule vendor.", "url": "https://notabene.id/solutions/safe-transact", "evidence": [ "https://notabene.id/solutions/safe-transact, accessed 2026-04-30" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-sumsub", "label": "Sumsub Holdings", "type": "vendor", "subtype": "KYC/AML/Travel Rule", "summary": "KYC, AML and Travel Rule platform vendor.", "description": "KYC, AML and Travel Rule platform vendor.", "url": "https://sumsub.com/", "evidence": [ "https://sumsub.com/, accessed 2026-04-30" ], "tags": [ "KYC", "AML", "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-verifyvasp", "label": "VerifyVASP", "type": "vendor", "subtype": "Travel Rule", "summary": "Travel Rule platform vendor.", "description": "Travel Rule platform vendor.", "url": "https://www.verifyvasp.com/", "evidence": [ "https://www.verifyvasp.com/, accessed 2026-04-30" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-shyft", "label": "Shyft Network", "type": "vendor", "subtype": "Travel Rule", "summary": "Vendor/network behind Veriscope Travel Rule tooling.", "description": "Vendor/network behind Veriscope Travel Rule tooling.", "url": "https://www.shyft.network/veriscope", "evidence": [ "https://www.shyft.network/veriscope, accessed 2026-04-30" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-entrust-onfido", "label": "Entrust / Onfido", "type": "vendor", "subtype": "identity verification", "summary": "Entrust identity verification vendor including Onfido acquired in 2024.", "description": "Entrust identity verification vendor including Onfido acquired in 2024.", "url": "https://www.entrust.com/company/onfido-is-now-entrust", "evidence": [ "https://www.entrust.com/company/onfido-is-now-entrust, accessed 2026-04-30" ], "tags": [ "IDV", "KYC" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-veriff", "label": "Veriff OÜ", "type": "vendor", "subtype": "identity verification", "summary": "Identity verification vendor.", "description": "Identity verification vendor.", "url": "https://www.veriff.com/", "evidence": [ "https://www.veriff.com/, accessed 2026-04-30" ], "tags": [ "IDV", "KYC" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-persona", "label": "Persona Identities Inc.", "type": "vendor", "subtype": "identity orchestration", "summary": "Identity workflow and report vendor.", "description": "Identity workflow and report vendor.", "url": "https://withpersona.com/", "evidence": [ "https://withpersona.com/, accessed 2026-04-30" ], "tags": [ "IDV", "KYC" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-jumio", "label": "Jumio", "type": "vendor", "subtype": "identity verification and AML", "summary": "Identity verification and AML vendor.", "description": "Identity verification and AML vendor.", "url": "https://www.jumio.com/", "evidence": [ "https://www.jumio.com/, accessed 2026-04-30" ], "tags": [ "IDV", "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-complyadvantage", "label": "ComplyAdvantage Ltd", "type": "vendor", "subtype": "AML screening and monitoring", "summary": "AML risk-intelligence vendor.", "description": "AML risk-intelligence vendor.", "url": "https://complyadvantage.com/mesh/", "evidence": [ "https://complyadvantage.com/mesh/, accessed 2026-04-30" ], "tags": [ "AML", "sanctions" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-lseg", "label": "LSEG Risk Intelligence / Refinitiv", "type": "vendor", "subtype": "watchlist screening", "summary": "Risk-intelligence vendor behind World-Check.", "description": "Risk-intelligence vendor behind World-Check.", "url": "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening", "evidence": [ "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening, accessed 2026-04-30" ], "tags": [ "watchlists" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-dowjones", "label": "Dow Jones Risk & Compliance", "type": "vendor", "subtype": "risk data and due diligence", "summary": "Risk-data and due-diligence vendor.", "description": "Risk-data and due-diligence vendor.", "url": "https://www.dowjones.com/business-intelligence/risk/", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/, accessed 2026-04-30" ], "tags": [ "watchlists", "CDD" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-sanctionsio", "label": "Sanctions.io GmbH", "type": "vendor", "subtype": "screening API", "summary": "Sanctions and AML screening API vendor.", "description": "Sanctions and AML screening API vendor.", "url": "https://www.sanctions.io/", "evidence": [ "https://www.sanctions.io/, accessed 2026-04-30" ], "tags": [ "sanctions", "API" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-sardine", "label": "Sardine AI Inc.", "type": "vendor", "subtype": "fraud and AML risk", "summary": "Fraud and AML risk platform vendor.", "description": "Fraud and AML risk platform vendor.", "url": "https://www.sardine.ai/", "evidence": [ "https://www.sardine.ai/, accessed 2026-04-30" ], "tags": [ "fraud", "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-hummingbird", "label": "Hummingbird RegTech", "type": "vendor", "subtype": "case management and SAR/STR filing", "summary": "Financial-crime case-management and reporting vendor.", "description": "Financial-crime case-management and reporting vendor.", "url": "https://www.hummingbird.co/", "evidence": [ "https://www.hummingbird.co/, accessed 2026-04-30" ], "tags": [ "case management", "SAR" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-featurespace", "label": "Featurespace", "type": "vendor", "subtype": "transaction monitoring and fraud analytics", "summary": "ARIC platform vendor for fraud and financial crime.", "description": "ARIC platform vendor for fraud and financial crime.", "url": "https://www.featurespace.com/", "evidence": [ "https://www.featurespace.com/, accessed 2026-04-30" ], "tags": [ "monitoring", "fraud" ], "isFinrayProduct": false, "coiNote": null, "watching": null }, { "id": "vendor-finray", "label": "Finray Technologies Ltd", "type": "vendor", "subtype": "Finray compliance technology", "summary": "Finray vendor node for XZiel; excluded from ranking.", "description": "Finray vendor node for XZiel; excluded from ranking.", "url": "https://finray.tech/", "evidence": [ "https://finray.tech/, accessed 2026-04-30" ], "tags": [ "COI", "Finray" ], "isFinrayProduct": false, "coiNote": "Finray Technologies Ltd owns the publishing venue and ships XZiel; this vendor node is excluded from ranking.", "watching": null }, { "id": "prod-chainalysis-reactor", "label": "Chainalysis Reactor", "type": "product", "subtype": "investigation product", "summary": "Crypto investigations product for tracing funds and entity exposure.", "description": "Crypto investigations product for tracing funds and entity exposure.", "url": "https://www.chainalysis.com/product/reactor/", "evidence": [ "https://www.chainalysis.com/product/reactor/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "investigations" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-chainalysis-kyt", "label": "Chainalysis KYT", "type": "product", "subtype": "transaction monitoring product", "summary": "Crypto transaction monitoring product for platform-scale risk assessment.", "description": "Crypto transaction monitoring product for platform-scale risk assessment.", "url": "https://www.chainalysis.com/product/kyt/", "evidence": [ "https://www.chainalysis.com/product/kyt/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-chainalysis-crypto-investigations", "label": "Chainalysis Crypto Investigations Solutions", "type": "product", "subtype": "investigation solution", "summary": "Investigation solution for tracing funds across blockchains.", "description": "Investigation solution for tracing funds across blockchains.", "url": "https://www.chainalysis.com/solution/crypto-investigations/", "evidence": [ "https://www.chainalysis.com/solution/crypto-investigations/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "investigations" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-elliptic-lens", "label": "Elliptic Lens", "type": "product", "subtype": "wallet screening product", "summary": "Wallet screening and alert-to-decision workflow product.", "description": "Wallet screening and alert-to-decision workflow product.", "url": "https://www.elliptic.co/blog/introducing-the-new-lens-one-workflow-from-alert-to-decision", "evidence": [ "https://www.elliptic.co/blog/introducing-the-new-lens-one-workflow-from-alert-to-decision, accessed 2026-04-30", "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "wallet screening" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-elliptic-investigator", "label": "Elliptic Investigator", "type": "product", "subtype": "investigation product", "summary": "Investigation product referenced in Elliptic VASP compliance materials.", "description": "Investigation product referenced in Elliptic VASP compliance materials.", "url": "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "investigations" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-elliptic-navigator", "label": "Elliptic Navigator", "type": "product", "subtype": "transaction monitoring product", "summary": "Transaction monitoring product referenced in Elliptic VASP compliance materials.", "description": "Transaction monitoring product referenced in Elliptic VASP compliance materials.", "url": "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-trm-forensics", "label": "TRM Forensics", "type": "product", "subtype": "blockchain forensics product", "summary": "Blockchain intelligence product for investigations and fund-flow analysis.", "description": "Blockchain intelligence product for investigations and fund-flow analysis.", "url": "https://www.trmlabs.com/blockchain-intelligence", "evidence": [ "https://www.trmlabs.com/blockchain-intelligence, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "forensics" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-trm-insights", "label": "TRM Insights", "type": "product", "subtype": "unverified product label", "summary": "Not verified as a currently marketed standalone software product during this session.", "description": "Not verified as a currently marketed standalone software product during this session.", "url": null, "evidence": [ "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "research-pending" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-trm-tactical", "label": "TRM Tactical", "type": "product", "subtype": "mobile investigation product", "summary": "Mobile-first blockchain intelligence tool for investigators.", "description": "Mobile-first blockchain intelligence tool for investigators.", "url": "https://www.trmlabs.com/resources/blog/announces-trm-tactical-the-mobile-first-blockchain-intelligence-tool-for-investigators", "evidence": [ "https://www.trmlabs.com/resources/blog/announces-trm-tactical-the-mobile-first-blockchain-intelligence-tool-for-investigators [stale — older than 2024], accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "forensics" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-merkle-tracker", "label": "Merkle Science Tracker", "type": "product", "subtype": "blockchain investigation product", "summary": "Crypto investigation and blockchain tracing product.", "description": "Crypto investigation and blockchain tracing product.", "url": "https://www.merklescience.com/securing-the-blockchain-how-tracker-simplifies-blockchain-forensics-for-law-enforcement-agencies", "evidence": [ "https://www.merklescience.com/securing-the-blockchain-how-tracker-simplifies-blockchain-forensics-for-law-enforcement-agencies, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "investigations" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-merkle-compass", "label": "Merkle Science Compass", "type": "product", "subtype": "transaction and wallet monitoring product", "summary": "Transaction and wallet monitoring product for AML and risk reporting.", "description": "Transaction and wallet monitoring product for AML and risk reporting.", "url": "https://www.merklescience.com/platform/transaction-wallet-monitoring", "evidence": [ "https://www.merklescience.com/platform/transaction-wallet-monitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-notabene-safetransact", "label": "Notabene SafeTransact", "type": "product", "subtype": "Travel Rule product", "summary": "Pre-transaction crypto compliance and Travel Rule solution.", "description": "Pre-transaction crypto compliance and Travel Rule solution.", "url": "https://notabene.id/solutions/safe-transact", "evidence": [ "https://notabene.id/solutions/safe-transact, accessed 2026-04-30", "https://notabene.id/world/eu, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-sumsub-kyc", "label": "Sumsub KYC", "type": "product", "subtype": "KYC product", "summary": "KYC onboarding component of Sumsub verification platform.", "description": "KYC onboarding component of Sumsub verification platform.", "url": "https://sumsub.com/", "evidence": [ "https://sumsub.com/, accessed 2026-04-30", "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "KYC" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-sumsub-aml", "label": "Sumsub AML", "type": "product", "subtype": "AML product", "summary": "AML screening and monitoring component of Sumsub platform.", "description": "AML screening and monitoring component of Sumsub platform.", "url": "https://sumsub.com/travel-rule-eu/", "evidence": [ "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-sumsub-travel-rule", "label": "Sumsub Travel Rule", "type": "product", "subtype": "Travel Rule product", "summary": "Travel Rule solution for VASP/CASP data exchange and compliance workflows.", "description": "Travel Rule solution for VASP/CASP data exchange and compliance workflows.", "url": "https://sumsub.com/travel-rule/", "evidence": [ "https://sumsub.com/travel-rule/, accessed 2026-04-30", "https://sumsub.com/protocols/, accessed 2026-04-30", "https://docs.sumsub.com/docs/travel-rule-product-and-compliance-guide, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-verifyvasp-travel-rule", "label": "VerifyVASP Travel Rule Platform", "type": "product", "subtype": "Travel Rule product", "summary": "Platform for VASPs to exchange required FATF R.16 information.", "description": "Platform for VASPs to exchange required FATF R.16 information.", "url": "https://www.verifyvasp.com/en/products/travel-rule/", "evidence": [ "https://www.verifyvasp.com/en/products/travel-rule/, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-shyft-veriscope", "label": "Shyft Veriscope", "type": "product", "subtype": "Travel Rule product", "summary": "Travel Rule product/network for counterparty VASP discovery and data sharing.", "description": "Travel Rule product/network for counterparty VASP discovery and data sharing.", "url": "https://www.shyft.network/veriscope", "evidence": [ "https://www.shyft.network/veriscope, accessed 2026-04-30", "https://www.shyft.network/products/veriscope/fatf-travel-rule, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ], "tags": [ "Travel Rule" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-onfido-studio", "label": "Onfido Studio / Entrust Workflow Studio", "type": "product", "subtype": "identity workflow product", "summary": "Identity-verification workflow builder now in Entrust materials.", "description": "Identity-verification workflow builder now in Entrust materials.", "url": "https://www.entrust.com/products/identity-verification/studio", "evidence": [ "https://www.entrust.com/products/identity-verification/studio, accessed 2026-04-30", "https://www.entrust.com/company/newsroom/entrust-completes-acquisition-of-onfido-creating-a-new-era-of-identity-centric-security, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "IDV" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-onfido-verify", "label": "Onfido Verify / Entrust IDV API", "type": "product", "subtype": "identity verification product", "summary": "Identity verification API and flows formerly associated with Onfido.", "description": "Identity verification API and flows formerly associated with Onfido.", "url": "https://documentation.identity.entrust.com/api/latest/", "evidence": [ "https://documentation.identity.entrust.com/api/latest/, accessed 2026-04-30", "https://www.entrust.com/products/identity-verification, accessed 2026-04-30", "https://www.entrust.com/company/newsroom/entrust-completes-acquisition-of-onfido-creating-a-new-era-of-identity-centric-security, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "IDV" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-veriff-identity", "label": "Veriff Identity Verification", "type": "product", "subtype": "identity verification product", "summary": "Document, identity and liveness verification product.", "description": "Document, identity and liveness verification product.", "url": "https://www.veriff.com/product/identity-verification", "evidence": [ "https://www.veriff.com/product/identity-verification, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "IDV" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-veriff-idv-plus", "label": "Veriff IDV+", "type": "product", "subtype": "unverified product label", "summary": "Separate IDV+ product page was not verified during this session.", "description": "Separate IDV+ product page was not verified during this session.", "url": null, "evidence": [ "https://www.veriff.com/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "research-pending" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-persona-workflows", "label": "Persona Workflows", "type": "product", "subtype": "identity orchestration product", "summary": "Workflow product for identity-verification journeys and decisioning.", "description": "Workflow product for identity-verification journeys and decisioning.", "url": "https://withpersona.com/product/workflows/", "evidence": [ "https://withpersona.com/product/workflows/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "workflow" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-persona-reports", "label": "Persona Reports", "type": "product", "subtype": "identity and risk reports", "summary": "Report products for profile, watchlist and adverse-media checks.", "description": "Report products for profile, watchlist and adverse-media checks.", "url": "https://withpersona.com/product/reports/profile/", "evidence": [ "https://withpersona.com/product/reports/profile/, accessed 2026-04-30", "https://withpersona.com/product/reports/watchlists/, accessed 2026-04-30", "https://withpersona.com/product/reports/adverse-media/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "reports", "watchlists" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-persona-trust", "label": "Persona Trust", "type": "product", "subtype": "trust use-case label", "summary": "Trust page is modeled as a use-case label, not a verified standalone product.", "description": "Trust page is modeled as a use-case label, not a verified standalone product.", "url": "https://withpersona.com/use-case/trust/", "evidence": [ "https://withpersona.com/use-case/trust/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "research-pending" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-jumio-identity-verification", "label": "Jumio Identity Verification", "type": "product", "subtype": "identity verification product", "summary": "Identity verification product for onboarding and KYC/AML checks.", "description": "Identity verification product for onboarding and KYC/AML checks.", "url": "https://www.jumio.com/products/identity-verification/", "evidence": [ "https://www.jumio.com/products/identity-verification/ [stale — older than 2024], accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ], "tags": [ "IDV" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-jumio-aml", "label": "Jumio AML", "type": "product", "subtype": "AML product", "summary": "AML compliance product for customer-risk controls.", "description": "AML compliance product for customer-risk controls.", "url": "https://www.jumio.com/compliance-regulations/aml-compliance/", "evidence": [ "https://www.jumio.com/compliance-regulations/aml-compliance/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-complyadvantage-mesh", "label": "ComplyAdvantage Mesh", "type": "product", "subtype": "AML platform", "summary": "AML risk-intelligence platform for screening and monitoring.", "description": "AML risk-intelligence platform for screening and monitoring.", "url": "https://complyadvantage.com/mesh/", "evidence": [ "https://complyadvantage.com/mesh/, accessed 2026-04-30", "https://docs.mesh.complyadvantage.com/docs/overview, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "AML" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-complyadvantage-customer-screening", "label": "ComplyAdvantage Customer Screening", "type": "product", "subtype": "customer screening product", "summary": "Customer screening product for sanctions, PEP and adverse-media risk.", "description": "Customer screening product for sanctions, PEP and adverse-media risk.", "url": "https://complyadvantage.com/mesh/aml-customer-screening/", "evidence": [ "https://complyadvantage.com/mesh/aml-customer-screening/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "screening" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-lseg-world-check", "label": "World-Check", "type": "product", "subtype": "watchlist screening product", "summary": "LSEG/Refinitiv screening product for KYC and financial-crime risk.", "description": "LSEG/Refinitiv screening product for KYC and financial-crime risk.", "url": "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening", "evidence": [ "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening, accessed 2026-04-30", "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening/one-kyc-verification, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "watchlists" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-dowjones-riskcenter", "label": "Dow Jones RiskCenter", "type": "product", "subtype": "financial-crime risk product", "summary": "RiskCenter product for financial-crime due diligence and monitoring.", "description": "RiskCenter product for financial-crime due diligence and monitoring.", "url": "https://www.dowjones.com/business-intelligence/risk/products/financial-crime/", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/products/financial-crime/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "risk data" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-dowjones-anti-corruption", "label": "Dow Jones Anti-Corruption", "type": "product", "subtype": "anti-corruption due-diligence product", "summary": "Anti-corruption due-diligence product/use-case.", "description": "Anti-corruption due-diligence product/use-case.", "url": "https://www.dowjones.com/business-intelligence/risk/use-case/anti-corruption/", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/use-case/anti-corruption/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "anti-corruption" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-sanctionsio-screening-api", "label": "Sanctions.io Screening API", "type": "product", "subtype": "screening API", "summary": "Sanctions and AML screening API.", "description": "Sanctions and AML screening API.", "url": "https://www.sanctions.io/solutions/screening-api", "evidence": [ "https://www.sanctions.io/solutions/screening-api, accessed 2026-04-30", "https://api-docs.sanctions.io/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "sanctions" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-sardine-platform", "label": "Sardine", "type": "product", "subtype": "fraud and AML risk platform", "summary": "Fraud and AML platform with transaction-monitoring documentation.", "description": "Fraud and AML platform with transaction-monitoring documentation.", "url": "https://www.sardine.ai/transaction-monitoring", "evidence": [ "https://www.sardine.ai/, accessed 2026-04-30", "https://www.sardine.ai/transaction-monitoring, accessed 2026-04-30", "https://docs.sardine.ai/guides/public/risk/transactionmonitoring/transactionmonitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-hummingbird-platform", "label": "Hummingbird Platform", "type": "product", "subtype": "case management product", "summary": "Financial-crime platform with investigations and regulatory reporting.", "description": "Financial-crime platform with investigations and regulatory reporting.", "url": "https://www.hummingbird.co/", "evidence": [ "https://www.hummingbird.co/, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU FIU filing coverage, SAR/STR narrative controls, audit-trail export format, retention policy, MiCA-mapped reference architecture]" ], "tags": [ "case management" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-hummingbird-regulatory-reporting", "label": "Hummingbird Regulatory Reporting", "type": "product", "subtype": "SAR/STR reporting product", "summary": "Regulatory reporting product for SAR/STR/CTR filing workflows.", "description": "Regulatory reporting product for SAR/STR/CTR filing workflows.", "url": "https://www.hummingbird.co/product/regulatory-reporting", "evidence": [ "https://www.hummingbird.co/product/regulatory-reporting, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU FIU filing coverage, SAR/STR narrative controls, audit-trail export format, retention policy, MiCA-mapped reference architecture]" ], "tags": [ "SAR" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-featurespace-aric", "label": "Featurespace ARIC", "type": "product", "subtype": "transaction monitoring product", "summary": "ARIC Risk Hub/AML solution for fraud and financial-crime monitoring.", "description": "ARIC Risk Hub/AML solution for fraud and financial-crime monitoring.", "url": "https://www.featurespace.com/solutions/aml", "evidence": [ "https://www.featurespace.com/solutions/aml, accessed 2026-04-30", "https://www.featurespace.com/solutions, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ], "tags": [ "monitoring" ], "isFinrayProduct": false, "coiNote": null, "watching": [ "Require buyer-side proof-of-control testing before relying on vendor marketing." ] }, { "id": "prod-finray-xziel", "label": "Finray XZiel", "type": "product", "subtype": "Finray product", "summary": "Finray product for transaction-risk analysis, sanctions screening and audit-ready workflows; recused from ranking.", "description": "Finray product for transaction-risk analysis, sanctions screening and audit-ready workflows; recused from ranking.", "url": "https://finray.tech/xziel", "evidence": [ "https://finray.tech/xziel, accessed 2026-04-30", "https://xziel.com/, accessed 2026-04-30", "https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]", "[evidence pending — vendor outreach required: DORA ICT third-party assurance, ISO 27001 certificate scope, audit-log immutability controls, incident workflow, MiCA-mapped reference architecture]" ], "tags": [ "Finray", "COI" ], "isFinrayProduct": true, "coiNote": "Finray Technologies Ltd ships XZiel; Finray Intelligence recuses this product from ranking, scoring league tables and any best-of recommendation. Buyers should require independent assurance artefacts (FATF R.16 alignment proof, sanctions-list refresh cadence, false-positive rate disclosure) and external review before procurement.", "watching": [ "COI: recused from ranking; require independent assurance." ] } ], "edges": [ { "source": "firm-casp-class-1", "target": "reg-mica-title-v", "type": "requires", "label": "CASP buyer profile requires MiCA Title V authorisation and operating-obligation mapping.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-1", "target": "reg-tfr-2023-1113", "type": "requires", "label": "CASP crypto-transfer activity requires TFR Travel Rule analysis.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-1", "target": "reg-amlr-2024-1624", "type": "requires", "label": "CASP AML controls should be mapped to AMLR implementation.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "firm-casp-class-1", "target": "reg-dora-2022-2554", "type": "requires", "label": "CASP ICT operating model should be assessed against DORA.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-2", "target": "reg-mica-title-v", "type": "requires", "label": "CASP buyer profile requires MiCA Title V authorisation and operating-obligation mapping.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-2", "target": "reg-tfr-2023-1113", "type": "requires", "label": "CASP crypto-transfer activity requires TFR Travel Rule analysis.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-2", "target": "reg-amlr-2024-1624", "type": "requires", "label": "CASP AML controls should be mapped to AMLR implementation.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "firm-casp-class-2", "target": "reg-dora-2022-2554", "type": "requires", "label": "CASP ICT operating model should be assessed against DORA.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-3", "target": "reg-mica-title-v", "type": "requires", "label": "CASP buyer profile requires MiCA Title V authorisation and operating-obligation mapping.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-3", "target": "reg-tfr-2023-1113", "type": "requires", "label": "CASP crypto-transfer activity requires TFR Travel Rule analysis.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-class-3", "target": "reg-amlr-2024-1624", "type": "requires", "label": "CASP AML controls should be mapped to AMLR implementation.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "firm-casp-class-3", "target": "reg-dora-2022-2554", "type": "requires", "label": "CASP ICT operating model should be assessed against DORA.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-emi-hybrid", "target": "reg-mica-title-v", "type": "requires", "label": "Hybrid groups require Title V mapping for CASP services.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-emi-hybrid", "target": "reg-mica-title-iv", "type": "requires", "label": "Hybrid groups may require Title IV mapping where EMT issuance or distribution is in scope.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30" ] }, { "source": "firm-casp-emi-hybrid", "target": "reg-tfr-2023-1113", "type": "requires", "label": "Hybrid crypto-transfer flows require TFR Travel Rule mapping.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "firm-casp-emi-hybrid", "target": "reg-eidas2-2024-1183", "type": "requires", "label": "Hybrid onboarding and wallet-based identity flows should track eIDAS 2.", "strength": "indirect", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30", "https://openid.net/specs/openid-connect-core-1_0.html [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-amlr-2024-1624", "target": "ctrl-kyc-cdd", "type": "requires", "label": "AMLR anchors CDD and ongoing monitoring controls for obliged entities including CASPs.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-amlr-2024-1624", "target": "ctrl-sanctions-screening", "type": "requires", "label": "AMLR mapping should include financial-crime and sanctions screening controls.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-amlr-2024-1624", "target": "ctrl-transaction-monitoring", "type": "requires", "label": "AMLR mapping should include risk-based suspicious-activity monitoring.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-amld6-2024-1640", "target": "ctrl-sar-str-reporting", "type": "requires", "label": "AMLD6 national transposition affects FIU-facing suspicious-activity reporting.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-tfr-2023-1113", "target": "ctrl-travel-rule-routing", "type": "requires", "label": "TFR directly maps to originator/beneficiary information routing for crypto transfers.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30" ] }, { "source": "reg-tfr-2023-1113", "target": "ctrl-wallet-attribution-risk", "type": "requires", "label": "TFR operating controls should include counterparty and non-custodial wallet risk treatment.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-mica-title-v", "target": "ctrl-custody-asset-segregation", "type": "requires", "label": "MiCA Title V custody obligations require client-asset segregation evidence where custody is provided.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-mica-title-v", "target": "ctrl-audit-trail-retention", "type": "requires", "label": "MiCA operating obligations require auditable records and supervisory evidence.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-mica-title-iii", "target": "ctrl-mica-whitepaper-publication", "type": "requires", "label": "ART issuer rules are adjacent where the group issues, offers or admits ARTs.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30" ] }, { "source": "reg-mica-title-iv", "target": "ctrl-mica-whitepaper-publication", "type": "requires", "label": "EMT issuer rules are adjacent where the group has EMT or EMI overlap.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30" ] }, { "source": "reg-dora-2022-2554", "target": "ctrl-ict-operational-resilience", "type": "requires", "label": "DORA maps to ICT risk management, incidents, resilience and third-party dependency controls.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-dora-2022-2554", "target": "ctrl-audit-trail-retention", "type": "requires", "label": "DORA ICT controls create evidence-retention needs for incidents and resilience testing.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-eidas2-2024-1183", "target": "ctrl-kyc-cdd", "type": "requires", "label": "eIDAS 2 is an adjacent identity anchor for high-assurance remote onboarding.", "strength": "indirect", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30", "https://openid.net/specs/openid-connect-core-1_0.html [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-dora-2022-2554", "target": "reg-mica-title-v", "type": "complementary-to", "label": "DORA complements MiCA by governing ICT resilience rather than CASP authorisation.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "reg-amlr-2024-1624", "target": "reg-amld6-2024-1640", "type": "complementary-to", "label": "AMLR and AMLD6 combine directly applicable rules with national transposition.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng, accessed 2026-04-30" ] }, { "source": "reg-amla-2024-1620", "target": "reg-amlr-2024-1624", "type": "complementary-to", "label": "AMLA establishment complements AMLR by creating the authority for the AML framework.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng, accessed 2026-04-30", "https://www.amla.europa.eu/index_en, accessed 2026-04-30" ] }, { "source": "reg-tfr-2023-1113", "target": "reg-amlr-2024-1624", "type": "complementary-to", "label": "TFR complements AMLR by adding crypto-transfer information requirements.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30" ] }, { "source": "std-fatf-r16", "target": "reg-tfr-2023-1113", "type": "compliant-with", "label": "FATF R.16 is the global Travel Rule reference behind crypto-transfer information controls.", "strength": "indirect", "evidence": [ "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-ivms101", "target": "reg-tfr-2023-1113", "type": "compliant-with", "label": "IVMS 101 supports TFR Travel Rule data-field mapping.", "strength": "indirect", "evidence": [ "https://www.intervasp.org/, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-trp", "target": "reg-tfr-2023-1113", "type": "compliant-with", "label": "TRP is a protocol option for exchanging Travel Rule data under TFR-aligned workflows.", "strength": "indirect", "evidence": [ "https://gitlab.com/OpenVASP/travel-rule-protocol, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-fatf-r16", "target": "ctrl-travel-rule-routing", "type": "prerequisite-for", "label": "Travel Rule routing should be tested against FATF R.16 originator and beneficiary expectations.", "strength": "full", "evidence": [ "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-ivms101", "target": "ctrl-travel-rule-routing", "type": "prerequisite-for", "label": "IVMS 101 is a data-model prerequisite for interoperable Travel Rule information exchange.", "strength": "full", "evidence": [ "https://www.intervasp.org/, accessed 2026-04-30" ] }, { "source": "std-trp", "target": "ctrl-travel-rule-routing", "type": "prerequisite-for", "label": "TRP can be a protocol prerequisite where both CASPs support it.", "strength": "partial", "evidence": [ "https://gitlab.com/OpenVASP/travel-rule-protocol, accessed 2026-04-30" ] }, { "source": "std-ofac-sdn", "target": "ctrl-sanctions-screening", "type": "prerequisite-for", "label": "OFAC list formats are a sanctions-screening input where US nexus or global policy applies.", "strength": "partial", "evidence": [ "https://ofac.treasury.gov/sanctions-list-service, accessed 2026-04-30", "https://ofac.treasury.gov/faqs/topic/1641 [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-eu-consolidated-sanctions", "target": "ctrl-sanctions-screening", "type": "prerequisite-for", "label": "EU consolidated sanctions data is a core list source for EU CASP screening.", "strength": "full", "evidence": [ "https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-iso27001", "target": "ctrl-ict-operational-resilience", "type": "prerequisite-for", "label": "ISO 27001 can support DORA ICT assurance but does not replace DORA compliance.", "strength": "partial", "evidence": [ "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-iso27001", "target": "ctrl-audit-trail-retention", "type": "prerequisite-for", "label": "ISO 27001 supports auditability, access-control and evidence-retention due diligence.", "strength": "partial", "evidence": [ "https://www.iso.org/standard/27001 [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-iso20022", "target": "ctrl-travel-rule-routing", "type": "prerequisite-for", "label": "ISO 20022 is relevant where crypto-transfer evidence is reconciled with fiat payment messages.", "strength": "indirect", "evidence": [ "https://www.iso.org/standard/20022-1, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-ietf-jmap", "target": "ctrl-kyc-cdd", "type": "prerequisite-for", "label": "JMAP can support structured JSON workflow integration but is not a regulatory requirement.", "strength": "indirect", "evidence": [ "https://datatracker.ietf.org/doc/html/rfc8620 [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "std-oidc", "target": "ctrl-kyc-cdd", "type": "prerequisite-for", "label": "OIDC can support authenticated identity assertions in onboarding architectures.", "strength": "indirect", "evidence": [ "https://openid.net/specs/openid-connect-core-1_0.html [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng, accessed 2026-04-30" ] }, { "source": "ctrl-kyc-cdd", "target": "firm-casp-class-1", "type": "evidence-for", "label": "KYC/CDD is a baseline evidence domain even for narrower CASP service profiles.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "ctrl-travel-rule-routing", "target": "firm-casp-class-2", "type": "evidence-for", "label": "Travel Rule routing becomes material for custody, transfer and exchange flows.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html, accessed 2026-04-30" ] }, { "source": "ctrl-custody-asset-segregation", "target": "firm-casp-class-2", "type": "evidence-for", "label": "Custody-asset segregation is material where client crypto-assets are held or controlled.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "ctrl-custody-asset-segregation", "target": "firm-casp-class-3", "type": "evidence-for", "label": "Class-3 style operating models have the largest custody-segregation control surface.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "ctrl-transaction-monitoring", "target": "firm-casp-class-3", "type": "evidence-for", "label": "Class-3 style operating models require layered monitoring across customer, wallet and transaction risk.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng, accessed 2026-04-30", "https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets-2021.html [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "ctrl-ict-operational-resilience", "target": "firm-casp-class-3", "type": "evidence-for", "label": "Class-3 buyers should treat compliance tooling as a material ICT dependency.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "ctrl-mica-whitepaper-publication", "target": "firm-casp-emi-hybrid", "type": "evidence-for", "label": "Whitepaper ownership must be clarified where CASP and EMT/issuer duties overlap.", "strength": "partial", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica, accessed 2026-04-30" ] }, { "source": "ctrl-audit-trail-retention", "target": "firm-casp-emi-hybrid", "type": "evidence-for", "label": "Hybrid structures need entity-level evidence lineage across CASP and payment workflows.", "strength": "full", "evidence": [ "https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng [stale — older than 2024], accessed 2026-04-30", "https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "prod-chainalysis-reactor", "target": "vendor-chainalysis", "type": "produced-by", "label": "Chainalysis Reactor is modeled as a distinct product or product-labelled offering produced by Chainalysis Inc..", "strength": "full", "evidence": [ "https://www.chainalysis.com/product/reactor/, accessed 2026-04-30" ] }, { "source": "prod-chainalysis-kyt", "target": "vendor-chainalysis", "type": "produced-by", "label": "Chainalysis KYT is modeled as a distinct product or product-labelled offering produced by Chainalysis Inc..", "strength": "full", "evidence": [ "https://www.chainalysis.com/product/kyt/, accessed 2026-04-30" ] }, { "source": "prod-chainalysis-crypto-investigations", "target": "vendor-chainalysis", "type": "produced-by", "label": "Chainalysis Crypto Investigations Solutions is modeled as a distinct product or product-labelled offering produced by Chainalysis Inc..", "strength": "full", "evidence": [ "https://www.chainalysis.com/solution/crypto-investigations/, accessed 2026-04-30" ] }, { "source": "prod-elliptic-lens", "target": "vendor-elliptic", "type": "produced-by", "label": "Elliptic Lens is modeled as a distinct product or product-labelled offering produced by Elliptic Enterprises Ltd.", "strength": "full", "evidence": [ "https://www.elliptic.co/blog/introducing-the-new-lens-one-workflow-from-alert-to-decision, accessed 2026-04-30" ] }, { "source": "prod-elliptic-investigator", "target": "vendor-elliptic", "type": "produced-by", "label": "Elliptic Investigator is modeled as a distinct product or product-labelled offering produced by Elliptic Enterprises Ltd.", "strength": "full", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30" ] }, { "source": "prod-elliptic-navigator", "target": "vendor-elliptic", "type": "produced-by", "label": "Elliptic Navigator is modeled as a distinct product or product-labelled offering produced by Elliptic Enterprises Ltd.", "strength": "full", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30" ] }, { "source": "prod-trm-forensics", "target": "vendor-trm", "type": "produced-by", "label": "TRM Forensics is modeled as a distinct product or product-labelled offering produced by TRM Labs Inc..", "strength": "full", "evidence": [ "https://www.trmlabs.com/blockchain-intelligence, accessed 2026-04-30" ] }, { "source": "prod-trm-insights", "target": "vendor-trm", "type": "produced-by", "label": "TRM Insights is modeled as a distinct product or product-labelled offering produced by TRM Labs Inc..", "strength": "full", "evidence": [ "https://www.trmlabs.com/, accessed 2026-04-30" ] }, { "source": "prod-trm-tactical", "target": "vendor-trm", "type": "produced-by", "label": "TRM Tactical is modeled as a distinct product or product-labelled offering produced by TRM Labs Inc..", "strength": "full", "evidence": [ "https://www.trmlabs.com/resources/blog/announces-trm-tactical-the-mobile-first-blockchain-intelligence-tool-for-investigators [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "prod-merkle-tracker", "target": "vendor-merkle", "type": "produced-by", "label": "Merkle Science Tracker is modeled as a distinct product or product-labelled offering produced by Merkle Science.", "strength": "full", "evidence": [ "https://www.merklescience.com/securing-the-blockchain-how-tracker-simplifies-blockchain-forensics-for-law-enforcement-agencies, accessed 2026-04-30" ] }, { "source": "prod-merkle-compass", "target": "vendor-merkle", "type": "produced-by", "label": "Merkle Science Compass is modeled as a distinct product or product-labelled offering produced by Merkle Science.", "strength": "full", "evidence": [ "https://www.merklescience.com/platform/transaction-wallet-monitoring, accessed 2026-04-30" ] }, { "source": "prod-notabene-safetransact", "target": "vendor-notabene", "type": "produced-by", "label": "Notabene SafeTransact is modeled as a distinct product or product-labelled offering produced by Notabene Inc..", "strength": "full", "evidence": [ "https://notabene.id/solutions/safe-transact, accessed 2026-04-30" ] }, { "source": "prod-sumsub-kyc", "target": "vendor-sumsub", "type": "produced-by", "label": "Sumsub KYC is modeled as a distinct product or product-labelled offering produced by Sumsub Holdings.", "strength": "full", "evidence": [ "https://sumsub.com/, accessed 2026-04-30" ] }, { "source": "prod-sumsub-aml", "target": "vendor-sumsub", "type": "produced-by", "label": "Sumsub AML is modeled as a distinct product or product-labelled offering produced by Sumsub Holdings.", "strength": "full", "evidence": [ "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30" ] }, { "source": "prod-sumsub-travel-rule", "target": "vendor-sumsub", "type": "produced-by", "label": "Sumsub Travel Rule is modeled as a distinct product or product-labelled offering produced by Sumsub Holdings.", "strength": "full", "evidence": [ "https://sumsub.com/travel-rule/, accessed 2026-04-30" ] }, { "source": "prod-verifyvasp-travel-rule", "target": "vendor-verifyvasp", "type": "produced-by", "label": "VerifyVASP Travel Rule Platform is modeled as a distinct product or product-labelled offering produced by VerifyVASP.", "strength": "full", "evidence": [ "https://www.verifyvasp.com/en/products/travel-rule/, accessed 2026-04-30" ] }, { "source": "prod-shyft-veriscope", "target": "vendor-shyft", "type": "produced-by", "label": "Shyft Veriscope is modeled as a distinct product or product-labelled offering produced by Shyft Network.", "strength": "full", "evidence": [ "https://www.shyft.network/veriscope, accessed 2026-04-30" ] }, { "source": "prod-onfido-studio", "target": "vendor-entrust-onfido", "type": "produced-by", "label": "Onfido Studio / Entrust Workflow Studio is modeled as a distinct product or product-labelled offering produced by Entrust / Onfido.", "strength": "full", "evidence": [ "https://www.entrust.com/products/identity-verification/studio, accessed 2026-04-30" ] }, { "source": "prod-onfido-verify", "target": "vendor-entrust-onfido", "type": "produced-by", "label": "Onfido Verify / Entrust IDV API is modeled as a distinct product or product-labelled offering produced by Entrust / Onfido.", "strength": "full", "evidence": [ "https://documentation.identity.entrust.com/api/latest/, accessed 2026-04-30" ] }, { "source": "prod-veriff-identity", "target": "vendor-veriff", "type": "produced-by", "label": "Veriff Identity Verification is modeled as a distinct product or product-labelled offering produced by Veriff OÜ.", "strength": "full", "evidence": [ "https://www.veriff.com/product/identity-verification, accessed 2026-04-30" ] }, { "source": "prod-veriff-idv-plus", "target": "vendor-veriff", "type": "produced-by", "label": "Veriff IDV+ is modeled as a distinct product or product-labelled offering produced by Veriff OÜ.", "strength": "full", "evidence": [ "https://www.veriff.com/, accessed 2026-04-30" ] }, { "source": "prod-persona-workflows", "target": "vendor-persona", "type": "produced-by", "label": "Persona Workflows is modeled as a distinct product or product-labelled offering produced by Persona Identities Inc..", "strength": "full", "evidence": [ "https://withpersona.com/product/workflows/, accessed 2026-04-30" ] }, { "source": "prod-persona-reports", "target": "vendor-persona", "type": "produced-by", "label": "Persona Reports is modeled as a distinct product or product-labelled offering produced by Persona Identities Inc..", "strength": "full", "evidence": [ "https://withpersona.com/product/reports/profile/, accessed 2026-04-30" ] }, { "source": "prod-persona-trust", "target": "vendor-persona", "type": "produced-by", "label": "Persona Trust is modeled as a distinct product or product-labelled offering produced by Persona Identities Inc..", "strength": "full", "evidence": [ "https://withpersona.com/use-case/trust/, accessed 2026-04-30" ] }, { "source": "prod-jumio-identity-verification", "target": "vendor-jumio", "type": "produced-by", "label": "Jumio Identity Verification is modeled as a distinct product or product-labelled offering produced by Jumio.", "strength": "full", "evidence": [ "https://www.jumio.com/products/identity-verification/ [stale — older than 2024], accessed 2026-04-30" ] }, { "source": "prod-jumio-aml", "target": "vendor-jumio", "type": "produced-by", "label": "Jumio AML is modeled as a distinct product or product-labelled offering produced by Jumio.", "strength": "full", "evidence": [ "https://www.jumio.com/compliance-regulations/aml-compliance/, accessed 2026-04-30" ] }, { "source": "prod-complyadvantage-mesh", "target": "vendor-complyadvantage", "type": "produced-by", "label": "ComplyAdvantage Mesh is modeled as a distinct product or product-labelled offering produced by ComplyAdvantage Ltd.", "strength": "full", "evidence": [ "https://complyadvantage.com/mesh/, accessed 2026-04-30" ] }, { "source": "prod-complyadvantage-customer-screening", "target": "vendor-complyadvantage", "type": "produced-by", "label": "ComplyAdvantage Customer Screening is modeled as a distinct product or product-labelled offering produced by ComplyAdvantage Ltd.", "strength": "full", "evidence": [ "https://complyadvantage.com/mesh/aml-customer-screening/, accessed 2026-04-30" ] }, { "source": "prod-lseg-world-check", "target": "vendor-lseg", "type": "produced-by", "label": "World-Check is modeled as a distinct product or product-labelled offering produced by LSEG Risk Intelligence / Refinitiv.", "strength": "full", "evidence": [ "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening, accessed 2026-04-30" ] }, { "source": "prod-dowjones-riskcenter", "target": "vendor-dowjones", "type": "produced-by", "label": "Dow Jones RiskCenter is modeled as a distinct product or product-labelled offering produced by Dow Jones Risk & Compliance.", "strength": "full", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/products/financial-crime/, accessed 2026-04-30" ] }, { "source": "prod-dowjones-anti-corruption", "target": "vendor-dowjones", "type": "produced-by", "label": "Dow Jones Anti-Corruption is modeled as a distinct product or product-labelled offering produced by Dow Jones Risk & Compliance.", "strength": "full", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/use-case/anti-corruption/, accessed 2026-04-30" ] }, { "source": "prod-sanctionsio-screening-api", "target": "vendor-sanctionsio", "type": "produced-by", "label": "Sanctions.io Screening API is modeled as a distinct product or product-labelled offering produced by Sanctions.io GmbH.", "strength": "full", "evidence": [ "https://www.sanctions.io/solutions/screening-api, accessed 2026-04-30" ] }, { "source": "prod-sardine-platform", "target": "vendor-sardine", "type": "produced-by", "label": "Sardine is modeled as a distinct product or product-labelled offering produced by Sardine AI Inc..", "strength": "full", "evidence": [ "https://www.sardine.ai/, accessed 2026-04-30" ] }, { "source": "prod-hummingbird-platform", "target": "vendor-hummingbird", "type": "produced-by", "label": "Hummingbird Platform is modeled as a distinct product or product-labelled offering produced by Hummingbird RegTech.", "strength": "full", "evidence": [ "https://www.hummingbird.co/, accessed 2026-04-30" ] }, { "source": "prod-hummingbird-regulatory-reporting", "target": "vendor-hummingbird", "type": "produced-by", "label": "Hummingbird Regulatory Reporting is modeled as a distinct product or product-labelled offering produced by Hummingbird RegTech.", "strength": "full", "evidence": [ "https://www.hummingbird.co/product/regulatory-reporting, accessed 2026-04-30" ] }, { "source": "prod-featurespace-aric", "target": "vendor-featurespace", "type": "produced-by", "label": "Featurespace ARIC is modeled as a distinct product or product-labelled offering produced by Featurespace.", "strength": "full", "evidence": [ "https://www.featurespace.com/solutions/aml, accessed 2026-04-30" ] }, { "source": "prod-finray-xziel", "target": "vendor-finray", "type": "produced-by", "label": "Finray XZiel is modeled as a distinct product or product-labelled offering produced by Finray Technologies Ltd.", "strength": "full", "evidence": [ "https://finray.tech/xziel, accessed 2026-04-30" ] }, { "source": "prod-chainalysis-reactor", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Reactor supports investigation workflows for tracing funds and entity exposure.", "strength": "partial", "evidence": [ "https://www.chainalysis.com/product/reactor/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-chainalysis-kyt", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "KYT is marketed for monitoring and assessing cryptocurrency transaction risk.", "strength": "partial", "evidence": [ "https://www.chainalysis.com/product/kyt/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-chainalysis-crypto-investigations", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Crypto Investigations Solutions support blockchain tracing and investigative wallet-risk workflows.", "strength": "partial", "evidence": [ "https://www.chainalysis.com/solution/crypto-investigations/, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-elliptic-lens", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Lens supports wallet screening and alert-to-decision workflows.", "strength": "partial", "evidence": [ "https://www.elliptic.co/blog/introducing-the-new-lens-one-workflow-from-alert-to-decision, accessed 2026-04-30", "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-elliptic-investigator", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Investigator is referenced as Elliptic’s investigation product.", "strength": "partial", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-elliptic-navigator", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Navigator is referenced as Elliptic’s transaction-monitoring product.", "strength": "partial", "evidence": [ "https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-trm-forensics", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "TRM Forensics supports blockchain-intelligence investigation workflows.", "strength": "partial", "evidence": [ "https://www.trmlabs.com/blockchain-intelligence, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-trm-tactical", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "TRM Tactical supports mobile-first blockchain-intelligence workflows.", "strength": "partial", "evidence": [ "https://www.trmlabs.com/resources/blog/announces-trm-tactical-the-mobile-first-blockchain-intelligence-tool-for-investigators [stale — older than 2024], accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-merkle-tracker", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Tracker is marketed for crypto investigation and blockchain-forensics workflows.", "strength": "partial", "evidence": [ "https://www.merklescience.com/securing-the-blockchain-how-tracker-simplifies-blockchain-forensics-for-law-enforcement-agencies, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-merkle-compass", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Compass is marketed for transaction and wallet monitoring with risk reporting.", "strength": "partial", "evidence": [ "https://www.merklescience.com/platform/transaction-wallet-monitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-merkle-compass", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "Compass is marketed for wallet monitoring as part of crypto risk assessment.", "strength": "partial", "evidence": [ "https://www.merklescience.com/platform/transaction-wallet-monitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-notabene-safetransact", "target": "ctrl-travel-rule-routing", "type": "implements", "label": "SafeTransact supports pre-transaction Travel Rule workflows.", "strength": "partial", "evidence": [ "https://notabene.id/solutions/safe-transact, accessed 2026-04-30", "https://notabene.id/world/eu, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sumsub-travel-rule", "target": "ctrl-travel-rule-routing", "type": "implements", "label": "Sumsub Travel Rule supports automated Travel Rule data exchange and workflow handling.", "strength": "partial", "evidence": [ "https://sumsub.com/travel-rule/, accessed 2026-04-30", "https://docs.sumsub.com/docs/travel-rule-product-and-compliance-guide, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-verifyvasp-travel-rule", "target": "ctrl-travel-rule-routing", "type": "implements", "label": "VerifyVASP supports Travel Rule data exchange under FATF R.16.", "strength": "partial", "evidence": [ "https://www.verifyvasp.com/en/products/travel-rule/, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-shyft-veriscope", "target": "ctrl-travel-rule-routing", "type": "implements", "label": "Veriscope supports counterparty discovery and Travel Rule information sharing.", "strength": "partial", "evidence": [ "https://www.shyft.network/veriscope, accessed 2026-04-30", "https://www.shyft.network/products/veriscope/fatf-travel-rule, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, counterparty reachability, sunrise-issue fallback workflow, non-custodial wallet handling, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sumsub-kyc", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Sumsub KYC supports onboarding and verification workflows.", "strength": "partial", "evidence": [ "https://sumsub.com/, accessed 2026-04-30", "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-sumsub-aml", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Sumsub AML is marketed as part of AML and screening workflows.", "strength": "partial", "evidence": [ "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sumsub-aml", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Sumsub materials reference crypto transaction monitoring in the EU Travel Rule offering.", "strength": "partial", "evidence": [ "https://sumsub.com/travel-rule-eu/, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-onfido-studio", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Onfido Studio / Entrust Workflow Studio supports identity-verification journey orchestration.", "strength": "partial", "evidence": [ "https://www.entrust.com/products/identity-verification/studio, accessed 2026-04-30", "https://www.entrust.com/company/newsroom/entrust-completes-acquisition-of-onfido-creating-a-new-era-of-identity-centric-security, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-onfido-verify", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Onfido Verify / Entrust IDV API supports identity-verification flows.", "strength": "partial", "evidence": [ "https://documentation.identity.entrust.com/api/latest/, accessed 2026-04-30", "https://www.entrust.com/products/identity-verification, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-veriff-identity", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Veriff Identity Verification supports document, identity and liveness verification.", "strength": "partial", "evidence": [ "https://www.veriff.com/product/identity-verification, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-persona-workflows", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Persona Workflows supports identity-verification journey orchestration and decisioning.", "strength": "partial", "evidence": [ "https://withpersona.com/product/workflows/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-persona-workflows", "target": "ctrl-audit-trail-retention", "type": "implements", "label": "Persona Workflows materials reference workflow decisioning and audit-trail features.", "strength": "partial", "evidence": [ "https://withpersona.com/product/workflows/, accessed 2026-04-30", "[evidence pending — vendor outreach required: DORA ICT third-party assurance, ISO 27001 certificate scope, audit-log immutability controls, incident workflow, MiCA-mapped reference architecture]" ] }, { "source": "prod-persona-reports", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Persona Reports includes watchlist and adverse-media report products relevant to screening.", "strength": "partial", "evidence": [ "https://withpersona.com/product/reports/watchlists/, accessed 2026-04-30", "https://withpersona.com/product/reports/adverse-media/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-persona-reports", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Persona Reports supports customer due-diligence evidence through profile and risk reports.", "strength": "partial", "evidence": [ "https://withpersona.com/product/reports/profile/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-persona-trust", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Persona Trust is modeled only as a use-case reference for identity workflows.", "strength": "indirect", "evidence": [ "https://withpersona.com/use-case/trust/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-jumio-identity-verification", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Jumio Identity Verification supports onboarding and KYC identity checks.", "strength": "partial", "evidence": [ "https://www.jumio.com/products/identity-verification/ [stale — older than 2024], accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-jumio-aml", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Jumio AML supports AML screening and customer-risk controls.", "strength": "partial", "evidence": [ "https://www.jumio.com/compliance-regulations/aml-compliance/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-complyadvantage-mesh", "target": "ctrl-sanctions-screening", "type": "implements", "label": "ComplyAdvantage Mesh supports AML risk-intelligence screening workflows.", "strength": "partial", "evidence": [ "https://complyadvantage.com/mesh/, accessed 2026-04-30", "https://docs.mesh.complyadvantage.com/docs/overview, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-complyadvantage-mesh", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "ComplyAdvantage Mesh materials reference monitoring behavior and risk signals.", "strength": "partial", "evidence": [ "https://complyadvantage.com/mesh/, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-complyadvantage-customer-screening", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Customer Screening supports sanctions, PEP and adverse-media screening.", "strength": "partial", "evidence": [ "https://complyadvantage.com/mesh/aml-customer-screening/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-lseg-world-check", "target": "ctrl-sanctions-screening", "type": "implements", "label": "World-Check supports KYC and financial-crime risk screening including sanctions and PEP risk.", "strength": "partial", "evidence": [ "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening, accessed 2026-04-30", "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening/one-kyc-verification, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-lseg-world-check", "target": "ctrl-kyc-cdd", "type": "implements", "label": "World-Check supports due-diligence evidence for customer-risk assessment.", "strength": "partial", "evidence": [ "https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-dowjones-riskcenter", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Dow Jones RiskCenter supports financial-crime risk screening and due diligence.", "strength": "partial", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/products/financial-crime/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-dowjones-riskcenter", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Dow Jones RiskCenter supports CDD and EDD evidence workflows.", "strength": "partial", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/products/financial-crime/, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-dowjones-anti-corruption", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Dow Jones Anti-Corruption is adjacent to sanctions screening through third-party corruption-risk due diligence.", "strength": "indirect", "evidence": [ "https://www.dowjones.com/business-intelligence/risk/use-case/anti-corruption/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sanctionsio-screening-api", "target": "ctrl-sanctions-screening", "type": "implements", "label": "Sanctions.io Screening API supports sanctions and AML list-screening workflows.", "strength": "partial", "evidence": [ "https://www.sanctions.io/solutions/screening-api, accessed 2026-04-30", "https://api-docs.sanctions.io/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sardine-platform", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Sardine materials describe AML transaction monitoring with behavioral and transaction signals.", "strength": "partial", "evidence": [ "https://www.sardine.ai/transaction-monitoring, accessed 2026-04-30", "https://docs.sardine.ai/guides/public/risk/transactionmonitoring/transactionmonitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-sardine-platform", "target": "ctrl-kyc-cdd", "type": "implements", "label": "Sardine can contribute fraud and AML risk signals to onboarding decisions.", "strength": "indirect", "evidence": [ "https://www.sardine.ai/, accessed 2026-04-30", "https://www.sardine.ai/transaction-monitoring, accessed 2026-04-30", "[evidence pending — vendor outreach required: eIDAS 2 wallet roadmap, source-of-funds workflow, retention policy, manual-review rate disclosure, MiCA-mapped reference architecture]" ] }, { "source": "prod-hummingbird-platform", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Hummingbird platform materials include transaction monitoring and investigation workflows.", "strength": "partial", "evidence": [ "https://www.hummingbird.co/, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-hummingbird-platform", "target": "ctrl-sar-str-reporting", "type": "implements", "label": "Hummingbird materials include regulatory reporting and investigation workflows.", "strength": "partial", "evidence": [ "https://www.hummingbird.co/, accessed 2026-04-30", "https://www.hummingbird.co/product/regulatory-reporting, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU FIU filing coverage, SAR/STR narrative controls, audit-trail export format, retention policy, MiCA-mapped reference architecture]" ] }, { "source": "prod-hummingbird-regulatory-reporting", "target": "ctrl-sar-str-reporting", "type": "implements", "label": "Hummingbird Regulatory Reporting supports SAR/STR/CTR filing workflows.", "strength": "partial", "evidence": [ "https://www.hummingbird.co/product/regulatory-reporting, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU FIU filing coverage, SAR/STR narrative controls, audit-trail export format, retention policy, MiCA-mapped reference architecture]" ] }, { "source": "prod-featurespace-aric", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "Featurespace ARIC AML materials support fraud and financial-crime monitoring workflows.", "strength": "partial", "evidence": [ "https://www.featurespace.com/solutions/aml, accessed 2026-04-30", "https://www.featurespace.com/solutions, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-featurespace-aric", "target": "ctrl-sar-str-reporting", "type": "implements", "label": "Featurespace AML materials reference alert, case-management and reporting workflows leading toward SAR processes.", "strength": "indirect", "evidence": [ "https://www.featurespace.com/solutions/aml, accessed 2026-04-30", "[evidence pending — vendor outreach required: EU FIU filing coverage, SAR/STR narrative controls, audit-trail export format, retention policy, MiCA-mapped reference architecture]" ] }, { "source": "prod-finray-xziel", "target": "ctrl-transaction-monitoring", "type": "implements", "label": "XZiel is marketed for transaction-risk analysis and alert triage; this claim is recused from ranking and requires independent assurance.", "strength": "partial", "evidence": [ "https://finray.tech/xziel, accessed 2026-04-30", "https://xziel.com/, accessed 2026-04-30", "https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows, accessed 2026-04-30", "[evidence pending — vendor outreach required: Travel Rule message format support, sanctions list refresh cadence, MiCA-mapped reference architecture, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-finray-xziel", "target": "ctrl-sanctions-screening", "type": "implements", "label": "XZiel materials reference sanctions screening; this claim is recused from ranking and requires independent assurance.", "strength": "partial", "evidence": [ "https://finray.tech/xziel, accessed 2026-04-30", "https://xziel.com/, accessed 2026-04-30", "[evidence pending — vendor outreach required: sanctions list refresh cadence, fuzzy-match policy, escalation workflow, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-finray-xziel", "target": "ctrl-wallet-attribution-risk", "type": "implements", "label": "XZiel and TRM/Finray materials reference blockchain risk intelligence; this claim is recused from ranking and requires independent assurance.", "strength": "partial", "evidence": [ "https://xziel.com/, accessed 2026-04-30", "https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows, accessed 2026-04-30", "[evidence pending — vendor outreach required: wallet-attribution methodology, blockchain/token coverage, sanctions exposure model, false-positive rate disclosure, FATF Recommendation 16 compliance proof]" ] }, { "source": "prod-finray-xziel", "target": "ctrl-audit-trail-retention", "type": "implements", "label": "XZiel and TRM/Finray materials reference audit-ready reports and workflows; this claim is recused from ranking and requires independent assurance.", "strength": "partial", "evidence": [ "https://finray.tech/xziel, accessed 2026-04-30", "https://www.trmlabs.com/resources/blog/trm-labs-and-finray-technologies-partner-to-deliver-audit-ready-crypto-transaction-monitoring-to-banking-and-payments-workflows, accessed 2026-04-30", "[evidence pending — vendor outreach required: DORA ICT third-party assurance, ISO 27001 certificate scope, audit-log immutability controls, incident workflow, MiCA-mapped reference architecture]" ] } ], "legend": { "firm-segment": { "color": "#1f77b4", "shape": "round-rectangle", "note": "CASP buyer profile or CASP+EMI hybrid profile." }, "regulator": { "color": "#9467bd", "shape": "diamond", "note": "Regulatory or standard-setting authority node." }, "regulation": { "color": "#d62728", "shape": "hexagon", "note": "Binding legal instrument relevant to CASP operating-model design." }, "standard": { "color": "#ff7f0e", "shape": "triangle", "note": "Technical, data, messaging or methodological standard." }, "control": { "color": "#2ca02c", "shape": "rectangle", "note": "Buyer-side RFP control or evidence domain." }, "vendor": { "color": "#7f7f7f", "shape": "ellipse", "note": "Software company; never collapsed with products." }, "product": { "color": "#17becf", "shape": "round-tag", "note": "Named software product or product-labelled offering; connected to vendor by produced-by edge." } } }