Crypto Risk Scores: How They Help Prevent Financial Crime

In the early days of cryptocurrency, security measures were starkly binary: if an address appeared on a blacklist, organizations simply avoided doing business with it.

Criminals, however, quickly found ways to bypass these blacklists. For example, they could create new addresses unlinked to any previously blacklisted ones.

To address this, crypto risk scores were developed, enabling businesses to assess wallets and transactions with greater nuance. This article explores what crypto risk scores are, how they can be tailored to specific needs, and what organizations should prioritize when selecting a tool to determine these scores.

The Range of Crypto Risk Scores

Most people are familiar with credit scores, which range from 350 to 850. Similarly, crypto risk scores span a spectrum, though they are typically expressed in qualitative terms: low, medium, and high risk.

While businesses can customize each level to meet their specific risk tolerance—which may differ across markets—these categories generally align as follows:

High Risk
High-risk wallets should be avoided by exchanges. They may have direct exposure to wallets sanctioned by entities like the Office of Foreign Assets Control (OFAC) or other regulatory bodies maintaining blacklists. Alternatively, they may be linked to high-risk jurisdictions with inadequate Anti-Money Laundering (AML), Know Your Customer (KYC), or Combating the Financing of Terrorism (CFT) regulations, such as North Korea, Russia, or Iran.

Certain behaviors may also justify a wallet being deemed high risk. For instance, while coin mixers have legitimate applications for privacy, frequent use may signal potential criminal activity. Other red flags include involvement in money laundering techniques like layering, chain hopping, peel chains, or unusual behaviors, such as withdrawing most funds within minutes of receipt.

Medium Risk
Medium-risk accounts often fall into gray areas that would be most impacted by a blacklist-only approach. Without crypto risk scores, organizations might either reject legitimate customers (false positives) or inadvertently accept bad actors (false negatives). Risk scores enable exchanges to take intermediate actions, such as requesting additional documentation or conducting further screening for medium-risk wallets.

A wallet flagged as medium risk may, for example, have indirect exposure (more than two hops away) to sanctioned entities or be linked to jurisdictions under regulatory scrutiny, such as Barbados or Kenya. Behavioral indicators might include interactions with unregulated exchanges or moderate use of privacy tools.

Low Risk
Contrary to the perception of crypto as a "Wild West," the majority of transactions are low risk. These wallets likely belong to legitimate users, showing no direct or indirect ties to sanctioned entities, high-risk jurisdictions, or illicit businesses. Behavioral patterns, such as consistent trading activity, further support their legitimacy.

Businesses should enable low-risk wallets to operate freely but subject them to continuous monitoring. Crypto risk scores are dynamic; a wallet’s status can shift to medium or high risk if it gains exposure to suspicious activity or entities.

By categorizing wallets, exchanges can block high-risk accounts, require additional screening for medium-risk ones, and allow low-risk accounts to transact—ultimately aiding in the prevention of crypto-related crimes.

Determining Crypto Risk Scores

Crypto risk scores should be tailored to align with a business’s specific needs. Key factors to consider include:

• Jurisdiction - Crypto businesses often operate across multiple jurisdictions, each with its own regulatory landscape. In well-regulated markets like the United States or Singapore, organizations may opt for stricter thresholds for medium and high-risk activities. Conversely, in jurisdictions with vague or inconsistent guidelines, businesses might adjust thresholds differently to balance compliance and operational flexibility.
  
  
• Cryptocurrency - Cryptocurrencies vary significantly in their risk profiles. For example, privacy coins like Monero pose higher risks due to their enhanced pseudonymity, making them attractive to bad actors. Conversely, stablecoins generally carry lower risks because of their regulatory oversight. Businesses should configure their risk scores to reflect the unique risk levels associated with different cryptocurrencies.
  
  
• Transaction Behavior - Certain behaviors, such as rapid fund withdrawal or interactions with unregulated exchanges, are consistent indicators of criminal activity. However, emerging patterns—like dispersed small transfers potentially linked to address poisoning—require updated risk configurations. Businesses should stay vigilant and adjust their risk models to account for these evolving typologies.

Careful customization of risk categories is as critical as selecting the right compliance tool to ensure robust risk management.

Choosing a Crypto Compliance Tool for Crypto Risk Scoring

When selecting a compliance tool for crypto risk scoring, businesses should prioritize the following features:

• Continuous Monitoring - Risk scores are not static. A robust crypto compliance solution must continuously monitor wallets, especially those flagged as medium risk, for changes that could elevate or lower their risk level. This dynamic capability ensures informed decisions during onboarding and throughout the customer lifecycle.
  
  
• Customizable Rule Engine and Alerts - While blacklist support is essential, advanced tools should offer a behavior-based rule engine that is fully customizable. Businesses should be able to define risk thresholds universally or on a jurisdictional basis. Additionally, the tool should generate alerts for flagged behaviors, enabling timely interventions.
  
  
• Comprehensive Reporting - Risk scoring is a cornerstone of compliance with AML, KYC, and CFT regulations. The chosen tool must simplify the process of documenting and reporting compliance actions, such as requesting additional verification from medium-risk wallets. This capability ensures regulatory transparency and accountability.

Conclusion

Crypto risk scores are indispensable for effective blockchain analytics and financial crime prevention.

By leveraging these scores, businesses can adopt a nuanced approach to risk management. Configuring scores to account for jurisdictional differences, cryptocurrency-specific risks, and evolving transaction behaviors empowers organizations to mitigate risks effectively.

Ultimately, success lies in implementing a robust risk-scoring program. Such a program enables businesses to block criminals, scrutinize suspicious wallets, and facilitate legitimate transactions. To achieve this, organizations must invest in a compliance tool that combines power with flexibility, like Merkle Science’s Compass. Get in touch for a demo today.

‍