Crypto compliance operational checklist (2026 edition)
A field-tested checklist covering the 28 operational tasks every crypto compliance team should have in place.
Onboarding and KYC
Identity verification for new customers. PEP and adverse-media screening. Source-of-funds evidence. Beneficial-ownership mapping for corporate customers. Sanctions screening at onboarding. Risk-rating assignment.
Transaction screening
Daily SDN list refresh. Daily OFSI Consolidated refresh. Daily EU Financial Sanctions refresh. Real-time risk-based pre-withdrawal screening. Counterparty attribution check on inbound transfers. Travel Rule counterparty data exchange.
Ongoing monitoring
Periodic rescreening (at least every 30 days). Customer risk-rating review (annual for low, semi-annual for medium, quarterly for high). Unusual pattern detection. Source-of-wealth refresh for high-risk customers.
Case management
Documented triage workflow with SLAs. Escalation matrix to MLRO. Evidence retention (at least 5 years). SAR filing procedure. Record of dispositioned alerts with reasoning.
Governance
Annual risk assessment. MLRO appointment with named deputy. Staff training (induction and annual). Independent review every 24 months. Board-level reporting at least quarterly.
Data protection
Privacy Policy and Cookie Policy published. DPO designated (where required). Records of Processing Activities. Data retention schedule. Incident response plan. Regulator contact details.