Legichain for crypto exchanges
Wallet risk scoring, customer KYC and FATF Travel Rule messaging — the three layers an authorised CASP under MiCA needs, on one stack, with MAS, FCA and Turkish KVHS frameworks supported out of the same surface.
A regulated crypto exchange has a harder compliance problem than most regulated entities: every deposit address is a new counterparty, every withdrawal needs to clear a Travel Rule message in seconds, and the sanctions surface is on-chain (mixers, ransomware clusters, OFAC-tagged addresses) as well as off-chain. Legichain consolidates the three layers a CASP authorised under MiCA actually needs — on-chain risk scoring, digital KYC and Travel Rule messaging — onto one API. The same surface covers UK FCA-registered firms and Turkish KVHS-authorised operators, so a single exchange running multiple jurisdictions does not need a separate compliance stack per market.
What slows a CASP's compliance programme down
Wallet screening at deposit and withdrawal
Every inbound deposit needs scoring against sanctions clusters, mixer endpoints, darknet markets, ransomware wallets and scam-tagged addresses before credit. Every withdrawal needs the same check before release. Latency budget: under 500 ms each way. Most blockchain analytics vendors deliver 1.5-3 seconds.
Travel Rule sunrise problem
FATF Recommendation 16 and the EU TFR (Reg. EU 2023/1113) require originator and beneficiary VASP data exchange on transfers above the threshold. But protocol fragmentation between TRP, Sygna, OpenVASP and TRISA means your counterparty often speaks a different protocol than yours.
MiCA CASP authorisation deadlines
MiCA (Reg. EU 2023/1114) requires CASP authorisation from 30 December 2024 with grandfathering windows closing 1 July 2026 in most member states. AMLA's authorisation file expects documented controls for transaction monitoring, sanctions screening, Travel Rule and customer due diligence.
UK MLR threshold change for unhosted wallets
UK MLR 2017 was amended in September 2023 to set a GBP 1,000 threshold for enhanced due diligence on transfers to or from unhosted wallets. FCA-registered firms must implement source-of-funds verification and risk-based monitoring on transfers below the threshold but above the firm's own risk appetite.
How Legichain solves them
On-chain risk scoring with sub-500 ms latency
Our blockchain AML engine scores addresses across five canonical risk dimensions (sanctions, mixer, darknet, ransom, scam) on Bitcoin, Ethereum, Tron, Polygon and BSC. P95 latency is 280 ms at the wallet-screen endpoint. The risk model returns both a numeric score (0-100) and the underlying cluster evidence so your analyst team can defend a decision in writing.
Travel Rule with multi-protocol bridging
Our Travel Rule layer (VaspFlow) speaks TRP, Sygna Bridge, OpenVASP and TRISA natively. When your counterparty's protocol differs from yours, we bridge in IVMS 101 format on your behalf. We hold pre-onboarded directory entries for the major exchanges across EU, UK, Singapore, Hong Kong and the US, so first-message latency on common counterparties is under 2 seconds.
Real-time decision engine with rule customisation
Risk decisions (allow, hold, escalate, reject) are configurable per jurisdiction and per customer tier. Default rule packs ship for MiCA, UK MLR 2017 (including the September 2023 amendments), MAS Notice PSN02 and Turkish KVHS. You can override any threshold from the panel; all rule changes are versioned and audit-logged for the regulator.
Digital KYC sized to retail volume
NFC chip authentication for fast retail onboarding, ICAO 9303 document verification, ISO/IEC 30107-3 PAD Level 2 liveness and live video for higher-tier limits. Our retail onboarding flow completes in under 90 seconds end-to-end on mobile, with documented compliance against the EBA Remote Onboarding Guidelines and the FCA's Crypto Registration application requirements.
What you get out of the box
- On-chain risk scoring on five chains with sub-500 ms latency
- Pre-trade rejection of ransomware, sanctioned and mixer endpoints
- NFC and document KYC for retail; live video for higher tiers
- Travel Rule via VaspFlow with TRP, Sygna, OpenVASP and TRISA bridging
- MiCA, FCA and KVHS reporting blueprints wired into the panel
- Webhook-driven approval chain for deposit and withdrawal workflows
Regulatory coverage
Legichain's crypto stack is built directly against the frameworks an authorised CASP reports under in 2026. EU MiCA and TFR are first-class citizens; UK MLR 2017 (including the September 2023 unhosted-wallet amendments) is supported on the same surface; Turkish KVHS-authorised operators use the same engine with localised reporting.
MiCA (Reg. EU 2023/1114)
Authorisation file controls for CASPs under MiCA Title V from 30 December 2024: documented transaction monitoring, sanctions screening, market abuse surveillance, customer due diligence and complaints handling, all wired into the default workflow.
TFR (Reg. EU 2023/1113)
Travel Rule data exchange for crypto transfers above the EUR 1,000 threshold, including the more stringent requirements for transfers involving unhosted wallets. IVMS 101 message format, multi-protocol bridging, full audit retention.
UK MLR 2017 (amended September 2023)
FCA-registered cryptoasset firms get the GBP 1,000 unhosted-wallet enhanced due diligence threshold implemented on the same engine, with the JMLSG Sector 22 Travel Rule guidance applied at the messaging layer.
FATF Recommendation 16 and Turkish KVHS
FATF Recommendation 16 baseline for jurisdictions without local Travel Rule legislation, plus full support for Turkey's KVHS framework once the implementing communiqué is published — same engine, localised reporting templates and Turkish-language analyst panel.
Frequently asked questions
How does Legichain handle the Travel Rule sunrise problem in practice?
Sunrise happens when your counterparty VASP is in a jurisdiction that has not yet enacted Travel Rule legislation, or speaks a different protocol than you do. We address it in two ways. First, multi-protocol bridging: VaspFlow speaks TRP, Sygna Bridge, OpenVASP and TRISA natively, so a protocol mismatch does not break the message. Second, structured fallback: when a counterparty cannot receive a Travel Rule message at all, we record the attempt, the response and the risk-based decision to proceed or hold, in a format your supervisor will accept as evidence of best-effort compliance under FATF Recommendation 16 paragraph (b) and (c).
Which blockchains does Legichain's wallet screening cover?
At the time of writing: Bitcoin, Ethereum (including all major EVM L2s — Arbitrum, Optimism, Polygon, Base), Tron, BSC and Solana. Sanctioned-address coverage is unified across these chains; mixer, darknet, ransomware and scam clustering is chain-specific and updated daily. We are adding TON and Sui in 2026 Q3. If your exchange supports a chain we do not currently cover, our enterprise contract includes a chain-addition SLA — typically 6-10 weeks for a new EVM chain, longer for novel consensus models.
Does the screening engine work for unhosted wallet transfers under the new UK MLR thresholds?
Yes. Since the September 2023 amendments to UK MLR 2017, FCA-registered firms must apply enhanced due diligence on transfers to or from unhosted wallets above GBP 1,000. Our wallet-screen endpoint flags unhosted addresses (those not linked to a known custodial or VASP cluster) and surfaces the source-of-funds documentation requirement at the relevant threshold. The rule pack ships pre-configured to JMLSG Sector 22 guidance; you can lower the threshold for your own risk appetite.
How does Legichain prepare a CASP for the MiCA authorisation file?
The MiCA authorisation file (Article 62 of the Regulation) expects documented controls for transaction monitoring, sanctions screening, market abuse surveillance and customer due diligence. We provide a control-mapping document that maps each MiCA Article 62 requirement to the specific Legichain feature, configuration option and audit log that demonstrates compliance. Three of our existing customers have used this mapping document directly in their AMLA submissions; we can introduce you to one of them as a reference under a mutual NDA.
Can we run Legichain in the Turkish market under KVHS once the implementing communiqué is published?
Yes. The Legichain platform is already operational in Turkey under the existing MASAK framework. Once Turkey's KVHS implementing communiqué is published, our engine will support the additional reporting requirements with no platform change required from your side. The analyst panel is fully Turkish-localised, the audit archive complies with the expected data-localisation language, and our compliance editorial team tracks the KVHS legislative pipeline weekly.
Related reading
Pillar guide to on-chain risk scoring, wallet screening methodology, cluster analysis and the canonical risk dimensions used by analytics vendors.
Practical walkthrough of the on-chain risk signals a wallet-screen API surfaces, with sample API calls and decision-rule examples.
Definitive guide to FATF Recommendation 16, the IVMS 101 data standard, the sunrise problem and practical implementation patterns for VASPs.
A practical roadmap to the EU's Markets in Crypto-Assets Regulation for CASPs, with authorisation timelines, scope and supervisor expectations.
Be screen-ready in an afternoon.
Spin up a free workspace, paste your first API key into a curl, ship a verified onboarding flow before your next stand-up.