Compliance & Security
Global Compliance Readiness
How KryptoX aligns with global AML/CFT, sanctions, and data-protection standards to enable fast, compliant crypto-to-bank settlements.
AML / KYC / KYB
- Risk-based onboarding (individuals & businesses)
- PEP/sanctions screening & ongoing monitoring (KYT)
- Dual review for high-risk & case management
Sanctions & Financial Crime
- OFAC / EU / UK list coverage with fuzzy matching
- Alert workflows: hold settlement until cleared
- Evidence trails & disposition notes
Data Protection
- Encryption in transit & at rest; RBAC
- Data minimization & retention schedules
- Subject-rights support (export/delete)
Regional Readiness
Americas
- AML program aligned to BSA/AML principles
- Sanctions screening (OFAC) before settlement
- Partner banks for fiat settlement windows
Settlement SLA: Under 1h (depends on bank window & screening status)
EMEA
- Risk-based KYC/KYB; sanctions (EU/UK) coverage
- GDPR data-rights workflows (access/export/delete)
- Evidence bundles for audits (PDF/CSV + attachments)
APAC
- KYC/KYB with liveness & document verification
- Periodic rescreening per risk tier
- Localization: date/ID formats & address schemas
Control Matrix
Status legend: Implemented / Partial / N/A
| Domain | Controls | Status | Evidence |
|---|---|---|---|
| Onboarding | KYC/KYB, risk scoring, sanctions checks | Implemented | Decision logs, screenshots, provider receipts |
| Monitoring | KYT alerts & settlement holds | Implemented | Case notes, webhook IDs, ledger refs |
| Privacy | Encryption, RBAC, retention schedules | Implemented | Key mgmt docs, retention policy |
| Third Parties | Vendor reviews & data-processing terms | Partial | DPA templates, SOC/ISO reports (on request) |
| Incident Response | Runbooks & notification procedures | Implemented | IR plan, comms templates |
| Pen-Testing | Annual external test; remediation tracking | Partial | Latest report summary (under NDA) |
Governance & Reviews
- Policy reviews — Quarterly
  AML/KYC, sanctions, data protection, incident response.
- PEP/Sanctions rescreen — 6–12 months (risk-based)
  High-risk every 3 months or upon profile change.
- Access reviews — Quarterly
  RBAC verification & least-privilege checks.
- External audit / pen-test — Annual
  Independent assessment & remediation tracking.