# CASP MiCA compliance operating model Crypto-Asset Service Providers authorised under MiCA Title V must operate a compliance model spanning AMLR, AMLD6, TFR, FATF Travel Rule and DORA obligations. This decision graph maps 94 nodes and 139 edges across 18 regulatory anchors, 10 control domains, 20 vendor nodes and 37 product nodes for buyer due diligence. XZiel recused from ranking. - Source: https://finray.tech/intelligence/casp-mica-compliance/ - Cluster: XZiel - Published: 2026-05-01 - Conflict of interest: Finray Technologies Ltd ships XZiel. XZiel is recused from any qualitative ranking on this page. - Publisher: Finray Technologies Ltd, Cyprus Companies Registry HE 445903 - Editorial principle: primary sources only; conflicts of interest disclosed inline --- The CASP MiCA compliance operating model graph maps the decision a Crypto-Asset Service Provider faces when assembling its compliance stack: regulatory anchors (MiCA Title V, AMLR, AMLD6, Transfer of Funds Regulation, FATF Travel Rule, DORA, NIS2), the controls those anchors require (KYC/CDD, sanctions, transaction monitoring, Travel Rule, market abuse surveillance, ICT risk, governance), and the vendor products that implement those controls today. The graph is vendor-neutral on every category in which Finray Technologies Ltd does not ship a product. **XZiel is Finray's transaction-risk-monitoring platform; it is recused from any ranking, scoring, or "best of" recommendation and is included as a referenced product node only.** Every product node carries its primary-source URL with an accessed-date suffix; gaps are flagged as `[evidence pending — vendor outreach required]` rather than filled by inference. Click any node or edge to inspect its evidence. The legend, top-right of the canvas, maps node colour to type. Pan with click-drag; zoom with the wheel; reset with double-click on background. --- ## Reference index ### Regulators (5) - **ESMA** — https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica — MiCA Level 2/3 and supervisory-convergence anchor for CASPs. - **EBA** — https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica — MiCA ART/EMT anchor with adjacent effects for CASPs handling ARTs or EMTs. - **AMLA** — https://www.amla.europa.eu/index_en — Incoming AML authority relevant to future direct-supervision selection. - **National Competent Authorities** — Generic node for NCAs; individual NCAs are intentionally not enumerated. - **FATF** — https://www.fatf-gafi.org/en/topics/virtual-assets.html — Global source for Recommendation 16 and VASP/virtual-asset AML guidance. ### Regulations (9) - **MiCA Regulation (EU) 2023/1114 — Title V** — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng — Primary legal anchor for CASP authorisation and operating obligations. - **MiCA Regulation (EU) 2023/1114 — Title III** — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng — Adjacent anchor for ART issuers and CASP groups handling ART issuance or admission. - **MiCA Regulation (EU) 2023/1114 — Title IV** — https://eur-lex.europa.eu/eli/reg/2023/1114/oj/eng — Adjacent anchor for EMT issuers and CASP+EMI overlap. - **AMLR Regulation (EU) 2024/1624** — https://eur-lex.europa.eu/eli/reg/2024/1624/oj/eng — Binding AML package anchor for future harmonised CDD, monitoring and risk controls. - **AMLD6 Directive (EU) 2024/1640** — https://eur-lex.europa.eu/eli/dir/2024/1640/oj/eng — Directive anchor for national AML implementation and FIU-facing procedures. - **AMLA Regulation (EU) 2024/1620** — https://eur-lex.europa.eu/eli/reg/2024/1620/oj/eng — Institutional anchor establishing AMLA. - **Transfer of Funds Regulation (EU) 2023/1113** — https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng — Direct EU anchor for information accompanying crypto-asset transfers. - **DORA Regulation (EU) 2022/2554** — https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng — ICT operational resilience anchor for CASP operating models. - **eIDAS 2 Regulation (EU) 2024/1183** — https://eur-lex.europa.eu/eli/reg/2024/1183/oj/eng — Adjacent anchor for digital identity wallet and trust-service onboarding flows. ### Standards (9) - **FATF Recommendation 16 and VA/VASP guidance** — https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html — Global Travel Rule methodology for originator and beneficiary information. - **IVMS 101** — https://www.intervasp.org/ — Common data model for required Travel Rule party information. - **TRP — Travel Rule Protocol** — https://gitlab.com/OpenVASP/travel-rule-protocol — Open protocol option for Travel Rule data exchange between VASPs. - **OFAC SDN and consolidated screening data** — https://ofac.treasury.gov/sanctions-list-service — US sanctions-list data input for global screening programs. - **EU consolidated financial sanctions list** — https://data.europa.eu/data/datasets/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions?locale=en — EU sanctions-list data input for EU CASP sanctions screening. - **ISO/IEC 27001** — https://www.iso.org/standard/27001 — Security baseline for vendor and internal ICT assurance. - **ISO 20022** — https://www.iso.org/standard/20022-1 — Payments message standard relevant at CASP+EMI and fiat-rail intersections. - **IETF JMAP** — https://datatracker.ietf.org/doc/html/rfc8620 — Technical reference for structured JSON object workflows; not a MiCA mandate. - **OpenID Connect** — https://openid.net/specs/openid-connect-core-1_0.html — Identity protocol reference for authenticated digital identity assertions. ### Controls (10) - **KYC/CDD onboarding** — Lifecycle onboarding control covering IDV, risk rating, source of funds and refresh. - **Sanctions screening** — Control for screening customers, counterparties, wallets and transactions against sanctions/watchlists. - **Transaction monitoring** — Control for detecting suspicious fiat and crypto behaviour through scenarios, models and case workflows. - **Wallet-address attribution and risk scoring** — Control for address attribution, clustering, exposure scoring, typology tags and blockchain coverage. - **Travel Rule routing** — Control for sending, receiving, validating and reconciling Travel Rule information. - **Suspicious activity reporting** — Control for escalating suspicious activity and producing FIU-ready SAR/STR narratives. - **Custody-asset segregation** — Control for separating own funds, client funds, client crypto-assets and custody key evidence. - **MiCA whitepaper publication and notification** — Control for token whitepaper publication, notification and product governance where relevant. - **ICT operational resilience** — Control for ICT risk, incidents, resilience testing and third-party dependency governance. - **Internal audit and audit-trail evidence retention** — Control for preserving defensible evidence across onboarding, alerts, investigations and filings. ### Vendors and products (20) - **Chainalysis Inc.** — https://www.chainalysis.com/ — Blockchain analytics vendor. - Chainalysis Reactor (https://www.chainalysis.com/product/reactor/): Crypto investigations product for tracing funds and entity exposure. - Chainalysis KYT (https://www.chainalysis.com/product/kyt/): Crypto transaction monitoring product for platform-scale risk assessment. - Chainalysis Crypto Investigations Solutions (https://www.chainalysis.com/solution/crypto-investigations/): Investigation solution for tracing funds across blockchains. - **Elliptic Enterprises Ltd** — https://www.elliptic.co/ — Blockchain analytics vendor. - Elliptic Lens (https://www.elliptic.co/blog/introducing-the-new-lens-one-workflow-from-alert-to-decision): Wallet screening and alert-to-decision workflow product. - Elliptic Investigator (https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure): Investigation product referenced in Elliptic VASP compliance materials. - Elliptic Navigator (https://www.elliptic.co/media-center/hashkey-scales-with-elliptics-vasp-compliance-infrastructure): Transaction monitoring product referenced in Elliptic VASP compliance materials. - **TRM Labs Inc.** — https://www.trmlabs.com/ — Blockchain intelligence vendor. - TRM Forensics (https://www.trmlabs.com/blockchain-intelligence): Blockchain intelligence product for investigations and fund-flow analysis. - TRM Insights: Not verified as a currently marketed standalone software product during this session. - TRM Tactical (https://www.trmlabs.com/resources/blog/announces-trm-tactical-the-mobile-first-blockchain-intelligence-tool-for-investigators): Mobile-first blockchain intelligence tool for investigators. - **Merkle Science** — https://www.merklescience.com/ — Blockchain analytics vendor. - Merkle Science Tracker (https://www.merklescience.com/securing-the-blockchain-how-tracker-simplifies-blockchain-forensics-for-law-enforcement-agencies): Crypto investigation and blockchain tracing product. - Merkle Science Compass (https://www.merklescience.com/platform/transaction-wallet-monitoring): Transaction and wallet monitoring product for AML and risk reporting. - **Notabene Inc.** — https://notabene.id/solutions/safe-transact — Travel Rule vendor. - Notabene SafeTransact (https://notabene.id/solutions/safe-transact): Pre-transaction crypto compliance and Travel Rule solution. - **Sumsub Holdings** — https://sumsub.com/ — KYC, AML and Travel Rule platform vendor. - Sumsub KYC (https://sumsub.com/): KYC onboarding component of Sumsub verification platform. - Sumsub AML (https://sumsub.com/travel-rule-eu/): AML screening and monitoring component of Sumsub platform. - Sumsub Travel Rule (https://sumsub.com/travel-rule/): Travel Rule solution for VASP/CASP data exchange and compliance workflows. - **VerifyVASP** — https://www.verifyvasp.com/ — Travel Rule platform vendor. - VerifyVASP Travel Rule Platform (https://www.verifyvasp.com/en/products/travel-rule/): Platform for VASPs to exchange required FATF R.16 information. - **Shyft Network** — https://www.shyft.network/veriscope — Vendor/network behind Veriscope Travel Rule tooling. - Shyft Veriscope (https://www.shyft.network/veriscope): Travel Rule product/network for counterparty VASP discovery and data sharing. - **Entrust / Onfido** — https://www.entrust.com/company/onfido-is-now-entrust — Entrust identity verification vendor including Onfido acquired in 2024. - Onfido Studio / Entrust Workflow Studio (https://www.entrust.com/products/identity-verification/studio): Identity-verification workflow builder now in Entrust materials. - Onfido Verify / Entrust IDV API (https://documentation.identity.entrust.com/api/latest/): Identity verification API and flows formerly associated with Onfido. - **Veriff OÜ** — https://www.veriff.com/ — Identity verification vendor. - Veriff Identity Verification (https://www.veriff.com/product/identity-verification): Document, identity and liveness verification product. - Veriff IDV+: Separate IDV+ product page was not verified during this session. - **Persona Identities Inc.** — https://withpersona.com/ — Identity workflow and report vendor. - Persona Workflows (https://withpersona.com/product/workflows/): Workflow product for identity-verification journeys and decisioning. - Persona Reports (https://withpersona.com/product/reports/profile/): Report products for profile, watchlist and adverse-media checks. - Persona Trust (https://withpersona.com/use-case/trust/): Trust page is modeled as a use-case label, not a verified standalone product. - **Jumio** — https://www.jumio.com/ — Identity verification and AML vendor. - Jumio Identity Verification (https://www.jumio.com/products/identity-verification/): Identity verification product for onboarding and KYC/AML checks. - Jumio AML (https://www.jumio.com/compliance-regulations/aml-compliance/): AML compliance product for customer-risk controls. - **ComplyAdvantage Ltd** — https://complyadvantage.com/mesh/ — AML risk-intelligence vendor. - ComplyAdvantage Mesh (https://complyadvantage.com/mesh/): AML risk-intelligence platform for screening and monitoring. - ComplyAdvantage Customer Screening (https://complyadvantage.com/mesh/aml-customer-screening/): Customer screening product for sanctions, PEP and adverse-media risk. - **LSEG Risk Intelligence / Refinitiv** — https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening — Risk-intelligence vendor behind World-Check. - World-Check (https://www.lseg.com/en/risk-intelligence/screening-solutions/world-check-kyc-screening): LSEG/Refinitiv screening product for KYC and financial-crime risk. - **Dow Jones Risk & Compliance** — https://www.dowjones.com/business-intelligence/risk/ — Risk-data and due-diligence vendor. - Dow Jones RiskCenter (https://www.dowjones.com/business-intelligence/risk/products/financial-crime/): RiskCenter product for financial-crime due diligence and monitoring. - Dow Jones Anti-Corruption (https://www.dowjones.com/business-intelligence/risk/use-case/anti-corruption/): Anti-corruption due-diligence product/use-case. - **Sanctions.io GmbH** — https://www.sanctions.io/ — Sanctions and AML screening API vendor. - Sanctions.io Screening API (https://www.sanctions.io/solutions/screening-api): Sanctions and AML screening API. - **Sardine AI Inc.** — https://www.sardine.ai/ — Fraud and AML risk platform vendor. - Sardine (https://www.sardine.ai/transaction-monitoring): Fraud and AML platform with transaction-monitoring documentation. - **Hummingbird RegTech** — https://www.hummingbird.co/ — Financial-crime case-management and reporting vendor. - Hummingbird Platform (https://www.hummingbird.co/): Financial-crime platform with investigations and regulatory reporting. - Hummingbird Regulatory Reporting (https://www.hummingbird.co/product/regulatory-reporting): Regulatory reporting product for SAR/STR/CTR filing workflows. - **Featurespace** — https://www.featurespace.com/ — ARIC platform vendor for fraud and financial crime. - Featurespace ARIC (https://www.featurespace.com/solutions/aml): ARIC Risk Hub/AML solution for fraud and financial-crime monitoring. - **Finray Technologies Ltd** — https://finray.tech/ — Finray vendor node for XZiel; excluded from ranking. - Finray XZiel (https://finray.tech/xziel): Finray product for transaction-risk analysis, sanctions screening and audit-ready workflows; recused from ranking.