Finray Intelligence CASP MiCA compliance operating model

CASP MiCA compliance operating model

Decision graph for Crypto-Asset Service Providers selecting their compliance operating model under MiCA Title V, AMLR, AMLD6, the Transfer of Funds Regulation, FATF Travel Rule and DORA. Vendor-neutral; XZiel recused from ranking.

Cluster: XZiel
Published: 2026-05-01
Disclosure: Finray product recused from ranking

The CASP MiCA compliance operating model graph maps the decision a Crypto-Asset Service Provider faces when assembling its compliance stack: regulatory anchors (MiCA Title V, AMLR, AMLD6, Transfer of Funds Regulation, FATF Travel Rule, DORA, NIS2), the controls those anchors require (KYC/CDD, sanctions, transaction monitoring, Travel Rule, market abuse surveillance, ICT risk, governance), and the vendor products that implement those controls today.

The graph is vendor-neutral on every category in which Finray Technologies Ltd does not ship a product. XZiel is Finray’s transaction-risk-monitoring platform; it is recused from any ranking, scoring, or “best of” recommendation and is included as a referenced product node only. Every product node carries its primary-source URL with an accessed-date suffix; gaps are flagged as [evidence pending — vendor outreach required] rather than filled by inference.

Click any node or edge to inspect its evidence. The legend, top-right of the canvas, maps node colour to type. Pan with click-drag; zoom with the wheel; reset with double-click on background.

Layout: cose
Nodes: 94
Edges: 139
Last reviewed: 2026-04-30
Evidence cutoff: 2026-04-30
Pending outreach: 37

This decision graph requires JavaScript to render. The underlying data is published as JSON at /data/graphs/casp-mica-compliance-operating-model-graph.json and validates against the schema at src/lib/intelligence-graph-schema.ts.

firm-segment
regulator
regulation
standard
control
vendor
product
finray product (COI)

Reference index

The interactive decision graph above and the tables below cover the same data. The graph is for visual exploration; the tables index every regulation, standard, control, vendor and product in plain text with primary-source links — for search engines, citation tools and readers who prefer linear reading.

Regulatory anchors and supervisory standards

The legal instruments and supervisory standards an institution in this segment must satisfy. Each row links to the primary source — official journal page, supervisor circular, or standards body — with the date the source was last accessed.

Regulatory anchors and supervisory standards covered in this radar, with primary-source links.
Anchor	Scope	Primary source
MiCA Regulation (EU) 2023/1114 — Title V Regulation	Primary legal anchor for CASP authorisation and operating obligations.	View source
MiCA Regulation (EU) 2023/1114 — Title III Regulation	Adjacent anchor for ART issuers and CASP groups handling ART issuance or admission.	View source
MiCA Regulation (EU) 2023/1114 — Title IV Regulation	Adjacent anchor for EMT issuers and CASP+EMI overlap.	View source
AMLR Regulation (EU) 2024/1624 Regulation	Binding AML package anchor for future harmonised CDD, monitoring and risk controls.	View source
AMLD6 Directive (EU) 2024/1640 Regulation	Directive anchor for national AML implementation and FIU-facing procedures.	View source
AMLA Regulation (EU) 2024/1620 Regulation	Institutional anchor establishing AMLA.	View source
Transfer of Funds Regulation (EU) 2023/1113 Regulation	Direct EU anchor for information accompanying crypto-asset transfers.	View source
DORA Regulation (EU) 2022/2554 Regulation	ICT operational resilience anchor for CASP operating models.	View source
eIDAS 2 Regulation (EU) 2024/1183 Regulation	Adjacent anchor for digital identity wallet and trust-service onboarding flows.	View source
FATF Recommendation 16 and VA/VASP guidance Standard	Global Travel Rule methodology for originator and beneficiary information.	View source
IVMS 101 Standard	Common data model for required Travel Rule party information.	View source
TRP — Travel Rule Protocol Standard	Open protocol option for Travel Rule data exchange between VASPs.	View source
OFAC SDN and consolidated screening data Standard	US sanctions-list data input for global screening programs.	View source
EU consolidated financial sanctions list Standard	EU sanctions-list data input for EU CASP sanctions screening.	View source
ISO/IEC 27001 Standard	Security baseline for vendor and internal ICT assurance.	View source
ISO 20022 Standard	Payments message standard relevant at CASP+EMI and fiat-rail intersections.	View source
IETF JMAP Standard	Technical reference for structured JSON object workflows; not a MiCA mandate.	View source
OpenID Connect Standard	Identity protocol reference for authenticated digital identity assertions.	View source

Controls

The control domains those regulatory anchors require. Each control sits at the intersection of one or more regulations and one or more vendor products that implement it.

Control domains required by the regulatory anchors above.
Control	What it covers
KYC/CDD onboarding	Lifecycle onboarding control covering IDV, risk rating, source of funds and refresh.
Sanctions screening	Control for screening customers, counterparties, wallets and transactions against sanctions/watchlists.
Transaction monitoring	Control for detecting suspicious fiat and crypto behaviour through scenarios, models and case workflows.
Wallet-address attribution and risk scoring	Control for address attribution, clustering, exposure scoring, typology tags and blockchain coverage.
Travel Rule routing	Control for sending, receiving, validating and reconciling Travel Rule information.
Suspicious activity reporting	Control for escalating suspicious activity and producing FIU-ready SAR/STR narratives.
Custody-asset segregation	Control for separating own funds, client funds, client crypto-assets and custody key evidence.
MiCA whitepaper publication and notification	Control for token whitepaper publication, notification and product governance where relevant.
ICT operational resilience	Control for ICT risk, incidents, resilience testing and third-party dependency governance.
Internal audit and audit-trail evidence retention	Control for preserving defensible evidence across onboarding, alerts, investigations and filings.

Vendors and products

Named vendors active in this control space and the specific products each ships. Listing is alphabetical within the graph's evidence set; inclusion is editorial, not commercial, and is not a recommendation. Finray Technologies Ltd ships products in this space and is recused from any ranking — see the methodology page for the conflict-of-interest framework.

Vendors and the specific products each ships into this control space.
Vendor	Products	Vendor source
Chainalysis Inc. Blockchain analytics vendor.	Chainalysis Reactor — Crypto investigations product for tracing funds and entity exposure. ( product page ) Chainalysis KYT — Crypto transaction monitoring product for platform-scale risk assessment. ( product page ) Chainalysis Crypto Investigations Solutions — Investigation solution for tracing funds across blockchains. ( product page )	Vendor site
Elliptic Enterprises Ltd Blockchain analytics vendor.	Elliptic Lens — Wallet screening and alert-to-decision workflow product. ( product page ) Elliptic Investigator — Investigation product referenced in Elliptic VASP compliance materials. ( product page ) Elliptic Navigator — Transaction monitoring product referenced in Elliptic VASP compliance materials. ( product page )	Vendor site
TRM Labs Inc. Blockchain intelligence vendor.	TRM Forensics — Blockchain intelligence product for investigations and fund-flow analysis. ( product page ) TRM Insights — Not verified as a currently marketed standalone software product during this session. TRM Tactical — Mobile-first blockchain intelligence tool for investigators. ( product page )	Vendor site
Merkle Science Blockchain analytics vendor.	Merkle Science Tracker — Crypto investigation and blockchain tracing product. ( product page ) Merkle Science Compass — Transaction and wallet monitoring product for AML and risk reporting. ( product page )	Vendor site
Notabene Inc. Travel Rule vendor.	Notabene SafeTransact — Pre-transaction crypto compliance and Travel Rule solution. ( product page )	Vendor site
Sumsub Holdings KYC, AML and Travel Rule platform vendor.	Sumsub KYC — KYC onboarding component of Sumsub verification platform. ( product page ) Sumsub AML — AML screening and monitoring component of Sumsub platform. ( product page ) Sumsub Travel Rule — Travel Rule solution for VASP/CASP data exchange and compliance workflows. ( product page )	Vendor site
VerifyVASP Travel Rule platform vendor.	VerifyVASP Travel Rule Platform — Platform for VASPs to exchange required FATF R.16 information. ( product page )	Vendor site
Shyft Network Vendor/network behind Veriscope Travel Rule tooling.	Shyft Veriscope — Travel Rule product/network for counterparty VASP discovery and data sharing. ( product page )	Vendor site
Entrust / Onfido Entrust identity verification vendor including Onfido acquired in 2024.	Onfido Studio / Entrust Workflow Studio — Identity-verification workflow builder now in Entrust materials. ( product page ) Onfido Verify / Entrust IDV API — Identity verification API and flows formerly associated with Onfido. ( product page )	Vendor site
Veriff OÜ Identity verification vendor.	Veriff Identity Verification — Document, identity and liveness verification product. ( product page ) Veriff IDV+ — Separate IDV+ product page was not verified during this session.	Vendor site
Persona Identities Inc. Identity workflow and report vendor.	Persona Workflows — Workflow product for identity-verification journeys and decisioning. ( product page ) Persona Reports — Report products for profile, watchlist and adverse-media checks. ( product page ) Persona Trust — Trust page is modeled as a use-case label, not a verified standalone product. ( product page )	Vendor site
Jumio Identity verification and AML vendor.	Jumio Identity Verification — Identity verification product for onboarding and KYC/AML checks. ( product page ) Jumio AML — AML compliance product for customer-risk controls. ( product page )	Vendor site
ComplyAdvantage Ltd AML risk-intelligence vendor.	ComplyAdvantage Mesh — AML risk-intelligence platform for screening and monitoring. ( product page ) ComplyAdvantage Customer Screening — Customer screening product for sanctions, PEP and adverse-media risk. ( product page )	Vendor site
LSEG Risk Intelligence / Refinitiv Risk-intelligence vendor behind World-Check.	World-Check — LSEG/Refinitiv screening product for KYC and financial-crime risk. ( product page )	Vendor site
Dow Jones Risk & Compliance Risk-data and due-diligence vendor.	Dow Jones RiskCenter — RiskCenter product for financial-crime due diligence and monitoring. ( product page ) Dow Jones Anti-Corruption — Anti-corruption due-diligence product/use-case. ( product page )	Vendor site
Sanctions.io GmbH Sanctions and AML screening API vendor.	Sanctions.io Screening API — Sanctions and AML screening API. ( product page )	Vendor site
Sardine AI Inc. Fraud and AML risk platform vendor.	Sardine — Fraud and AML platform with transaction-monitoring documentation. ( product page )	Vendor site
Hummingbird RegTech Financial-crime case-management and reporting vendor.	Hummingbird Platform — Financial-crime platform with investigations and regulatory reporting. ( product page ) Hummingbird Regulatory Reporting — Regulatory reporting product for SAR/STR/CTR filing workflows. ( product page )	Vendor site
Featurespace ARIC platform vendor for fraud and financial crime.	Featurespace ARIC — ARIC Risk Hub/AML solution for fraud and financial-crime monitoring. ( product page )	Vendor site
Finray Technologies Ltd Finray vendor node for XZiel; excluded from ranking. Finray Technologies — recused from ranking	Finray XZiel — Finray product for transaction-risk analysis, sanctions screening and audit-ready workflows; recused from ranking. ( product page )	Vendor site