By AUJay
In this post, we share an RFP template for blockchain wallets, written for decision-makers, plus a collection of questions for evaluating blockchain analytics and intelligence tools. Both are updated to reflect the regulatory, accounting and product changes of 2025-2026, so your procurement practices stay in line with current risks, features and responsibilities.
Blockchain Wallet RFP Template and RFP Questions for Blockchain Analytics and Blockchain Intelligence Tools
Leaders who are still using 2022-era RFPs for wallets and analytics are overlooking some big changes: the EU stepping up Travel Rule enforcement, new U.S. accounting and custody rules, Ethereum's Pectra upgrade (EIP-7702), and serious progress from the leading analytics vendors.
We've created a detailed template designed for procurement in 2026, and we also share the exact questions we include in our client RFPs at 7Block Labs.
Why your RFP needs an update in 2026
- The EU Travel Rule is officially in force. Since December 30, 2024, European Banking Authority (EBA) guidance has spelled out in detail what information must be shared with a transfer, and from December 30, 2025, additional EBA guidelines apply to PSPs and CASPs for restrictive-measures screening. Check that your vendors can prove they are on top of both. You can find more info at EBA's website.
- In the U.S., fair-value accounting (FASB ASU 2023-08) becomes the norm for calendar-year businesses starting January 1, 2025. That means refreshing treasury controls, updating valuation methods, adjusting disclosures and making sure audit trails work with your wallet. With the rollback of SAB 121, banks are also in a much better position on custody. In your RFP, ask for fair-value data exports and logs that auditors will find easy to work with. (dart.deloitte.com)
- Ethereum's Pectra mainnet upgrade is set for May 7, 2025, and it ships with EIP-7702. This makes smart, policy-driven controls standard practice even for regular accounts, which changes what “wallet governance” has to handle from the start. (blog.ethereum.org)
- The sanctions picture has changed. In March 2025, Tornado Cash was removed from the SDN list after a decision from the Fifth Circuit. Your analytics provider needs to stay ahead of changes like this and promptly update its risk scoring and audit evidence. (reuters.com)
- Analytics tools have stepped up. TRM has broadened its reach to cover 100 chains and introduced “glass box” PKH clustering and universal wallet screening. Elliptic has surpassed 50 blockchains. Chainalysis has launched Alterya and Hexagate for real-time fraud and hack prevention and given Reactor a new look. Make sure your requirements match these new capabilities. (trmlabs.com)
Wallet RFP template (copy/paste)
Alright, let’s stick with the YAML and checklist style! This way, it’ll be super easy for vendors to respond, and we can compare everything without a hassle.
Here’s the plan:
vendors:
  - name: "Vendor 1"
    checklist:
      - item: "Quality of materials"
        response: "Yes/No"
      - item: "Delivery time"
        response: "Fast/Standard/Slow"
      - item: "Customer support"
        response: "Good/Average/Poor"
  - name: "Vendor 2"
    checklist:
      - item: "Quality of materials"
        response: "Yes/No"
      - item: "Delivery time"
        response: "Fast/Standard/Slow"
      - item: "Customer support"
        response: "Good/Average/Poor"
This framework helps keep all the info clear and straightforward. Let’s make it work for us!
rfp:
  title: "Institutional Digital Asset Wallet & Governance Platform"
  issuer:
    company: "YourCo"
    jurisdictions: ["US", "EU", "SG"]
  assets_in_scope: ["BTC", "ETH", "USDC", "SOL", "TON", "ARB", "OP"]
  requirements:
    security_architecture:
      key_management:
        models_supported: ["MPC", "Multi-sig", "HSM-backed MPC", "Cold vault"]
        enclaves_hsm: ["Intel SGX", "AWS Nitro Enclaves", "FIPS 140-3 HSM"]
      certifications: ["SOC 2 Type 2", "SOC 1 Type 2", "ISO 27001/27017/27018", "CCSS Level 3"]
      recovery:
        disaster_recovery_rto: "≤ 4 hours"
        rpo: "≤ 15 minutes"
        recovery_without_vendor: true
    governance_policy_engine:
      rules:
        - value_limits: {per_tx: "$250k", daily: "$5m"}
        - velocity_controls: {per_asset: true}
        - destination_controls: {allowlists: true, blocklists: true, tags: ["mixers", "sanctioned"]}
        - role_based_approvals: {quorum: "M of N", geo_diversity: true}
      enforcement_layer: ["on-chain (smart account)", "off-chain (custody engine)"]
      api_first: true
    compliance_integrations:
      travel_rule:
        providers_supported: ["TRISA", "21 Analytics", "Notabene", "Sygna"]
        pii_encryption: ["mTLS", "DID-based key exchange"]
        unhosted_wallet_proof: ["AOPP", "message signing", "micro-transaction"]
      analytics_screening:
        pre_tx: true
        indirect_risk_detection: true
        universal_wallet_screen: true
    chain_asset_support:
      chains_minimum: 30
      auto_token_support_evm: true
      staking:
        networks: ["ETH", "SOL", "ATOM", "TIA"]
        custody_of_withdrawal_credentials: true
    operational_controls:
      audit_logs:
        immutability: true
        export_formats: ["CSV", "JSON", "Syslog", "SIEM"]
        retention_years: 7
      sso_saml_oidc: true
      scim_user_provisioning: true
    accounting_reporting:
      fasb_fv_exports: ["positions", "lots", "fair_value", "PnL"]
      period_close_cutoff_minutes: 30
  vendor_response:
    implementation_timeline_days: 45
    references:
      similar_clients: 3
      regulated_entities: true
    sla:
      uptime: "99.95%"
      support_response:
        p1: "15 min"
        p2: "1 hour"
      data_freshness_minutes: 5
Checklist for Attachments Vendors Must Provide:
- Business License: Don’t forget to attach a copy of your current business license. It’s just a way to prove that you’re good to go and ready to roll!
- Certificate of Insurance: Just a quick reminder that we’ll need to see your liability insurance. Make sure to include all the important coverage details, okay? Thanks!
- W-9 Form: Make sure to fill this out for tax reasons. It's pretty important! This keeps us on the right side of the IRS.
- References: We love hearing from folks you’ve worked with before! If you could share a couple of references who can speak to your work, that would be awesome.
- Portfolio: This is your chance to shine! Put together a portfolio that really shows off your best work and highlights your experience with any relevant projects. We can’t wait to see what you’ve accomplished!
- Pricing List: It would be great if you could share a detailed pricing list. That way, we can get a better idea of what to expect for costs!
- Terms and Conditions: Could you please send over your usual terms and conditions? Thanks! It really helps to lay everything out from the beginning. That way, everyone knows what's expected right off the bat.
- Compliance Documents: If there are any legal or industry compliance papers we should keep in mind, feel free to toss those in as well!
- Experience Overview: It’d be great if you could give me a quick rundown of your experience! Just a few details about the kinds of projects you've tackled and what you’re really good at would be awesome.
If you have any questions while you're putting those documents together, just give me a shout! I'm here to help!
- Security certifications: SOC 2 Type 2, ISO 27001/17/18 and CCSS L3, plus a brief summary of your penetration tests and architecture diagrams that clearly show the boundaries for MPC, HSM and TEE.
- Proof of your Travel Rule integrations, including the workflow for PII encryption, how you verify ownership of unhosted wallets, and the automation rates you are currently seeing.
- Your pre-transaction screening process with your analytics provider(s), including your rules for indirect exposure and your “fail-closed” behaviors.
- Proof of accounting-grade exports suitable for FASB ASU 2023-08 disclosures and audit workpapers.
- A few examples of policy-engine rules that map to your risk thresholds, along with how you keep track of these rules, how you sign off on them, and any logs you keep for changes. (fireblocks.com)
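To make the “fail-closed” and policy-engine items above concrete, here is an added example (not from the original post and not any vendor's code) of a pre-transaction gate that applies the template's value limits, destination tags and approval quorum. The class names, reason strings, the quorum of 2 and the two-region reading of geo_diversity are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Policy:
    # Defaults mirror the RFP template: per_tx "$250k", daily "$5m",
    # destination tags ["mixers", "sanctioned"]. Quorum size and region
    # count are assumptions; the template only says "M of N".
    per_tx_usd: Decimal = Decimal("250000")
    daily_usd: Decimal = Decimal("5000000")
    blocked_tags: frozenset = frozenset({"mixers", "sanctioned"})
    allowlist: frozenset = frozenset()   # empty set = allowlisting disabled
    quorum_m: int = 2
    min_regions: int = 2


@dataclass
class Transfer:
    asset: str
    usd_value: Decimal
    destination: str
    approvals: Dict[str, str]   # approver id -> region of that approver


# A screening client returns the risk tags for an address. It may raise or
# return None when the analytics provider cannot give an answer.
Screen = Callable[[str], Optional[Set[str]]]


def evaluate(tx: Transfer, policy: Policy, spent_today_usd: Decimal,
             screen: Screen) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Any reason means the transfer is denied."""
    reasons: List[str] = []

    # Value and velocity limits for this asset.
    if tx.usd_value > policy.per_tx_usd:
        reasons.append("per_tx_limit")
    if spent_today_usd + tx.usd_value > policy.daily_usd:
        reasons.append("daily_limit")

    # Destination controls: allowlist first, then analytics tags.
    if policy.allowlist and tx.destination not in policy.allowlist:
        reasons.append("not_allowlisted")

    # Fail closed: a timeout, an error or an empty answer from the analytics
    # provider is treated as a denial, never as "no risk found".
    try:
        tags = screen(tx.destination)
    except Exception:
        tags = None
    if tags is None:
        reasons.append("screening_unavailable")
    else:
        for tag in sorted(set(tags) & policy.blocked_tags):
            reasons.append(f"blocked_tag:{tag}")

    # Role-based approvals: M approvers, spread over enough regions.
    if len(tx.approvals) < policy.quorum_m:
        reasons.append("quorum_not_met")
    elif len(set(tx.approvals.values())) < policy.min_regions:
        reasons.append("geo_diversity_not_met")

    return (not reasons, reasons)


def demo() -> List[Tuple[bool, List[str]]]:
    """Run the gate on constructed sample transfers."""
    policy = Policy()
    tx = Transfer("USDC", Decimal("100000"), "0xDEST_PLACEHOLDER",
                  {"alice": "US", "bob": "EU"})

    def provider_down(address: str) -> Set[str]:
        raise TimeoutError("analytics API timed out")

    return [
        evaluate(tx, policy, Decimal("0"), lambda a: set()),
        evaluate(tx, policy, Decimal("0"), provider_down),
        evaluate(tx, policy, Decimal("0"), lambda a: {"mixers", "gambling"}),
    ]


if __name__ == "__main__":
    for allowed, why in demo():
        print("ALLOW" if allowed else "DENY", why)
```

The denial reasons are returned as a list so they can be written to the audit log alongside the rule version that produced them.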
What “Good” Looks Like Today:
Today, the idea of what it means to be “good” has really changed. Let’s dive into what a lot of folks see as the signs of goodness. Here’s a breakdown of those key markers:
1. Sustainability
More and more folks are really starting to put eco-friendly practices at the top of their lists. Sustainability is really at the core of what we consider "good" these days, whether it’s about cutting down on waste or opting for renewable energy sources. Brands that genuinely care about the environment usually gain a lot more respect and loyalty from their customers.
2. Inclusivity
Being truly inclusive isn't just a trendy phrase--it's absolutely vital. Great organizations really value diversity in their teams and work hard to create a space where everyone feels included and appreciated. It's not just about how they hire people; it also encompasses the way they engage with their communities.
3. Transparency
These days, people really value transparency from companies and organizations. When it comes to things like sourcing materials, pricing, or labor practices, being straightforward really helps build trust and credibility. People appreciate honesty, and it goes a long way in creating strong relationships.
4. Mental Health Awareness
Being good is all about backing mental health initiatives and encouraging overall well-being. Companies that see how crucial mental health is and actually offer resources or support are really paving the way forward.
5. Community Engagement
Giving back to the community really stands out as a true sign of kindness these days. People who get involved in their communities--whether it’s through volunteering, making donations, or partnering with local groups--tend to be seen in a better light. It’s great to see individuals stepping up and making a difference!
6. Innovation
Embracing change and pushing the limits of technology and services? Now that’s a clear sign of something great happening! People really value it when companies are innovative and always looking for ways to grow and tackle new challenges.
To wrap it up, being “good” these days really comes down to making a positive difference in the world, building meaningful connections, and working towards a brighter future for all of us. It's all about taking a well-rounded approach that cares for more than just making money; it really values people and the planet, too.
- Fireblocks holds CCSS Level 3, ISO 27001/17/18 and SOC 2 Type 2, and its SGX-backed MPC-CMP and governance policies come with built-in compliance checks. Ask for proof or details of enclave attestation. (fireblocks.com)
- BitGo offers custody services with SOC 1 and SOC 2 reports and up to $250 million in insurance. It has multi-sig and MPC options and is recognized by the NYDFS and OCC, which matters if you want bank-level controls or ETF-style segregation. (bitgo.com)
- If you trade on centralized platforms, look into an off-exchange settlement model such as ClearLoop, which lowers exchange credit risk while keeping your collateral safe. Make vendor API support a must-have and set clear policy guidelines for how this will be handled. (financefeeds.com)
Blockchain analytics/intelligence RFP question bank
Ask these key questions. The goal is to probe depth, transparency, coverage and how well the tool integrates into operations, not to settle for a basic demo graph.
1) Coverage and Data Freshness
- How many chains do you support at the moment, and how does support for tracing and forensics compare with support for wallet screening and transaction monitoring?
- What is the SLA for block ingestion, and how do you handle token auto-support for new EVM deployments?
- Ask for a list of chains that get “enhanced” tracing versus those with only “basic” screening, along with how often each refreshes its data. Aim for at least 40 chains with enhanced tracing and around 90-100 with near-real-time screening. (trmlabs.com)
2) Attribution Quality and “Glass Box” Clustering
What clustering methods does your product expose, such as PKH clustering across different chains, peeling-chain techniques or change-address heuristics, and can investigators actually see these methods? For context, a false positive is a case where a test or system wrongly indicates a condition is present when it is not, and a false negative is a case where it misses a condition that is present. Both can be tricky to navigate.
Now, if you’re looking for some real-life examples, it might help to consider how machine learning can sometimes mislabel data. For instance, a computer vision model could identify a cat as a dog (that's a false positive) or fail to recognize a cat at all, thinking it's a completely different animal (and that's your false negative). When it comes to confidence scoring, that’s like the system saying, "I’m 80% sure this is a dog." If it’s wrong, you can see how that could lead to some confusion!
At the moment, TRM is putting a spotlight on PKH clustering and glass-box attributions. It would be good to see other players in the industry show the same transparency, since it helps everyone understand what is going on behind the scenes. (chainanalysisinvestigation.com)
3) Indirect Risk and Cross-Chain Pathing
Do you assess risk beyond direct connections, especially where bridges and hop chains are involved? Which of your algorithms do not depend on specific paths? Show how indirect exposure is calculated on Solana, Optimism and Polygon, and whether the thresholds can be adjusted.
4) Sanctions and Regulatory Shifts
When a change such as the Tornado Cash delisting is announced, how quickly do you incorporate it into your screening? How do you keep track of historical statuses for casework? Include timestamps and audit trails. (reuters.com)
5) DeFi/NFT/DEX/MEV Coverage
Which DEX routers, mixers, privacy pools, bridges and NFT marketplaces have identifiable entities?
The Uniswap issue with “unlabeled” pools can be tricky. Those pools have no clear labels or identifiers, which makes tracking them harder. One way to tackle this is to dig into transaction history and activity for patterns or notable trades that could give some clues.
Some methods for labeling MEV (miner extractable value) bots and spotting wash trading:
- Transaction Analysis: Start by digging into transaction patterns. If you notice a bunch of trades happening in quick succession, especially between the same wallets, that could be a red flag.
- Fee Tracking: Keep an eye on the gas fees. MEV bots often pay a premium for gas to get their transactions processed first. So, if you see unusually high fees for certain trades, it might be worth investigating further.
- Wallet Clustering: Check if multiple wallets are linked to the same entity. If you find that certain wallets consistently trade with one another, it could indicate wash trading.
- Volume and Price Correlation: Watch the price movement relative to trading volume. If there’s a sudden spike in volume without a corresponding price change, that's a telltale sign of wash trading.
- Bot Behavior Patterns: Look out for specific patterns that are common among MEV bots. These might include very rapid transaction times or certain predictable trading strategies.
- Use of Analytics Tools: There are quite a few tools out there that can help you track and analyze trading patterns. Tools like Dune Analytics or Nansen can give you deeper insights into wallet interactions and trading behaviors.
- Community Insights: Sometimes, just asking around in relevant forums or communities can shed light on suspicious activities. Other traders often share their findings or suspicions about certain patterns.
By keeping these methods in mind, you’ll be better equipped to spot those sneaky bots and wash trading antics in no time!
6) TON, Hyperliquid, ZK, and L2 ecosystems
Do you support TON, Hyperliquid L1/L2, zkSync, Linea, Mantle, World Chain, Gnosis and XRPL EVM? If so, state when you started supporting each of them and point out any gaps in coverage.
7) Case Management and Automation
Can we run universal wallet screening across all chains with a single call? Can alerts and rules be sent to our wallet policy engine through an API? (trmlabs.com)
8) Prevention, Not Just Investigation
What signals can we tap into to avoid problems before they hit? Examples include phishing attempts, malware, scam websites, early warnings for protocol exploits, and transaction simulation gates. Chainalysis has joined forces with Alterya and Hexagate for fraud and hack prevention; ask competing vendors whether they offer anything similar.
9) Model Governance and Exportability
Require graph evidence exports in formats like JSON or CSV, with clear versioned attributions and an explanation of why a specific clustering method was chosen, so the material is ready for court or regulatory review. Also require data-lineage documentation and retention schedules.
10) Training and TTV
What investigator training options are available? The TRM Academy modules are worth a look, especially for TON, Solana or TRON. Set time-to-value expectations as well: ideally they are measured in weeks, not months.
11) EU Restrictive Measures and Travel Rule Alignment
Ask how the platform handles screening policies for EU restrictive measures that affect CASPs and the EBA Travel Rule guidelines. That covers workflows where information is missing or incomplete, and self-hosted address checks. Ask the vendor to show the templates and audit logs.
12) Pricing and TCO
Review the volume tiers for screening and monitoring, overage pricing, case storage fees, and any penalties for adding extra chains. Ask for a complete TCO worksheet that includes all the details.
Travel Rule procurement notes (CASP/US MSB ready)
- What you need to do: Make sure your wallet can securely exchange personal information (PII) with counterparties and can manage proofs for unhosted wallets, such as AOPP or signed messages. 21 Analytics supports AOPP and offers useful automation tools. TRISA offers a peer-to-peer Global Directory that is backed by a CA and uses mTLS certificates. (21analytics.co)
- Interoperability and rules: Notabene has a rules engine that handles most transfers by automatically approving or denying them, plus a directory of counterparty VASPs. Ask vendors how they manage “incomplete data” and local rules before the funds start flowing. Fireblocks and Notabene have teamed up on integration patterns that are worth checking. (devx.notabene.id)
- EU specifics: Make sure your RFP lines up with the EBA Travel Rule Guidelines, which apply from December 30, 2024, and with the new restrictions that come into play on December 30, 2025. Ask your vendor for proof that it has a system in place for screening circumvention patterns according to EBA guidelines. (eba.europa.eu)
Example reference architecture (wallet + analytics + Travel Rule)
- Custody/governance: Fireblocks MPC with key shares stored in their SGX enclave. Decisions follow specific policy rules that are approved by a group of admins, with API-driven approvals to streamline the process.
- Screening and forensics: TRM for universal wallet screening on around 90 to 100 chains, including PKH clustering and indirect-risk analysis on Solana, Optimism and Polygon. Chainalysis Hexagate helps catch and shut down suspicious contract interactions before they unfold.
- Travel Rule: A TRISA GDS certificate, along with 21 Analytics (AOPP) to validate unhosted wallets. Notabene's rules automatically approve about 98% of requests, while exceptions are escalated for closer inspection. Personal information stays secure by managing encryption keys through DID.
- Off-exchange settlement: Copper's ClearLoop for trading across connected platforms while collateral stays safe in custody, which lowers the credit risk coming from exchanges.
Emerging best practices to bake into requirements
- Account-Level Policy with EIP-7702: Aim to implement spending limits for both smart accounts and EOAs, introduce paymasters, and establish a recovery plan directly at the account level. Vendors should share how their wallet policies line up with EIP-7702 authorizations and what their process looks like for handling rollbacks or revocation.
- Default Indirect Risk: Reduce risk from addresses that are two to five hops away by default. Look beyond immediate connections to cross-chain interactions and bridges, and require straightforward explanations of how that pathing is set up.
- Real-time prevention: The goal is to spot signs of fraud or exploitation before signing. Analytics should flag potential issues early and let us run simulations to stay ahead.
- EU Restrictive Measures Operations: Keep a record of your screening datasets, performance reviews and any efforts to prevent circumvention, all in line with the EBA guidelines.
- FASB Fair-Value Close: Require fair-value exports sorted by asset and lot, plus intraday snapshots and audit logs, ideally all available within about 30 minutes after the period closes.
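The “Default Indirect Risk” item asks for exposure two to five hops away with pathing that can be explained. The following added example (a simplified illustration, not the original post's code and not any analytics vendor's algorithm) walks inbound transfers breadth-first and returns the nearest tagged source together with the hop-by-hop path. The ledger, the address labels and the "bridge" chain marker are constructed sample data.

```python
from collections import deque
from typing import Dict, List, Optional, Tuple

Hop = Tuple[str, str, str]   # (sender, receiver, chain)

# Constructed sample ledger; addresses are placeholders, not real ones.
TRANSFERS: List[Hop] = [
    ("eth:mixer_pool", "eth:a1", "ethereum"),
    ("eth:a1", "eth:bridge_in", "ethereum"),
    ("eth:bridge_in", "sol:bridge_out", "bridge"),   # cross-chain hop
    ("sol:bridge_out", "sol:b1", "solana"),
    ("sol:b1", "sol:customer", "solana"),
    ("sol:exchange", "sol:customer", "solana"),
    ("eth:clean", "eth:c1", "ethereum"),
]
TAGS: Dict[str, str] = {"eth:mixer_pool": "mixers"}


def indirect_exposure(address: str, transfers: List[Hop],
                      tags: Dict[str, str],
                      max_hops: int = 5) -> Optional[dict]:
    """Nearest tagged source of funds within max_hops, with its path.

    Returns None when no tagged source is reachable inside the hop limit.
    """
    if address in tags:
        return {"tag": tags[address], "hops": 0, "path": [],
                "crosses_bridge": False}

    # Index inbound edges so we can walk from the receiver back to senders.
    inbound: Dict[str, List[Tuple[str, str]]] = {}
    for sender, receiver, chain in transfers:
        inbound.setdefault(receiver, []).append((sender, chain))

    queue = deque([(address, [])])   # (node, hops walked so far)
    seen = {address}
    while queue:
        node, path = queue.popleft()
        if len(path) >= max_hops:
            continue                 # hop budget used up on this branch
        for sender, chain in inbound.get(node, []):
            if sender in seen:
                continue
            seen.add(sender)
            walked = path + [(sender, node, chain)]
            if sender in tags:
                ordered = list(reversed(walked))   # source -> destination
                return {
                    "tag": tags[sender],
                    "hops": len(ordered),
                    "path": ordered,
                    "crosses_bridge": any(h[2] == "bridge" for h in ordered),
                }
            queue.append((sender, walked))
    return None


if __name__ == "__main__":
    for limit in (1, 4, 5):
        print(limit, indirect_exposure("sol:customer", TRANSFERS, TAGS, limit))
```

On this sample, a hop limit of 1 or 4 reports nothing, while a limit of 5 finds the mixer behind the bridge, which is why the hop threshold and the exported path both belong in the requirements.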
In‑depth RFP questions (copy/paste)
Security and Governance
- Describe your MPC, HSM and TEE design and how the three differ. Identify the FIPS 140-3 modules, provide attestation evidence for SGX and Nitro, and explain how key shares are spread across locations.
- Explain how policy rules are stored, signed and executed within the enclaves, and provide change-control logs and tamper evidence. (developers.fireblocks.com)
Compliance and Travel Rule
- State which Travel Rule protocols and directories are supported: TRISA GDS, TRP and IVMS101. Give details on message-level encryption and how key rotation is managed for personally identifiable information (PII).
- For unhosted-wallet proofs, describe the automation in place using AOPP and signed messages, the average turnaround times and any backup options. (trisa.dev)
Analytics Integration
- Which analytics providers do you favor? What steps do you take to ensure a “fail-closed” strategy for high-risk hits? How do you handle historical delisting and relisting? (reuters.com)
Coverage and Freshness
- Provide chain coverage tables that distinguish enhanced tracing from screening alone, along with the addition dates for TON, Hyperliquid, World Chain, zkSync, Linea, Mantle, Gnosis and XRPL EVM.
Attribution Transparency
- Can investigators see which clustering heuristic (PKH, peeling or change) was used for an attribution, and how confident they can be in it? Include screenshots and export samples to illustrate.
Prevention
- Watch for phishing attempts, scams and weak spots in protocols, all of which can disrupt transactions. Explain how the policy engine and signer workflows act on these signals. For background, see the Chainalysis article on real-time fraud detection, hack prevention and compliance.
Accounting and Audit
- Produce fair-value CSV/JSON files and reconciliation reports that meet the ASU 2023-08 footnote disclosure standards, including name, units, cost basis, fair value and any restricted balances. (dart.deloitte.com)
Short vendor scoring rubric (customize)
- Security and Governance (30%): Certifications, enclave or HSM attestations, a strong recovery plan, and how solid the policy engine really is.
- Coverage and Analytics Quality (25%): How extensive and detailed the network coverage is, including indirect risks; how well similar issues are grouped (what we call glass-box clustering); and the prevention signals on offer. More detail: (trmlabs.com).
- Compliance/Travel Rule Readiness (20%): Preparedness for the EU Travel Rule: workflows, screening for restrictive measures, and handling of unhosted proofs. Details: EBA Guidelines on Transfers of Funds.
- Accounting and Reporting (15%): Fair-value exports, thorough audit logs, and responsive support. More detail: dart.deloitte.com.
- Implementation/SLA (10%): Time to Value (TTV), a universal screening API, response times for P1 issues, and data freshness. Learn more here: (trmlabs.com).
- TON Onboarding: If your app relies on Telegram for distribution, incorporate TON tracing and check wallet stats in your analytics. Also test indirect exposure through bridges in your policy engine. TRM has added TON support and stepped up by adding coverage for 100 different chains.
- Hyperliquid/World Chain pilot: If you're working with perpetual contracts or identity-gated L2 pilots, make sure you have proof of analytics coverage lined up and that automatic token support is ready. Both Chainalysis and TRM support this, so factor the capture dates into your acceptance criteria.
- Reducing credit risk in trading: If you trade actively, consider off-exchange settlement options such as ClearLoop. Set your policy rules so that direct exchange withdrawals are blocked unless the venue is connected through the settlement network, which adds an extra layer of security.
- Sanctions volatility drills: Run a tabletop exercise that simulates changes in designations. Make sure you can update screenings right away while keeping historical records in mind. The Tornado Cash delisting is a good example; see the Reuters article for details.
Common pitfalls we still see
- "Just check it out during the withdrawal process." That is cutting it too close. Push for pre-transaction screening of both the sender and the receiver, with universal wallet screening and attention to indirect risks across different chains. More at trmlabs.com.
- "We cover X chains" with no mention of tiers. That doesn't do the job. Nail down clear tiers for tracing versus screening, and establish Service Level Agreements (SLAs) and timelines. More at trmlabs.com.
- Brushing off the EU's guidelines on restrictive measures. The requirements for screening systems, data sets, and circumvention risk have become detailed. Ask for solid proof that they are actually implemented the right way. Details: eba.europa.eu.
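An added sketch (not code from this post or from any vendor) of the pre-transaction check described above: sender and receiver are both screened before signing, and a provider error or missing verdict blocks the transfer, which is the "fail-closed" behavior the RFP question asks vendors to demonstrate. The category labels, the 10% indirect-exposure limit, and the `sample_provider` data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy values for this sketch; set your own in a real policy engine.
DIRECT_BLOCK = {"sanctioned", "severe"}
INDIRECT_EXPOSURE_LIMIT = 0.10  # share of funds traced to high-risk sources


@dataclass(frozen=True)
class ScreeningResult:
    address: str
    category: str             # hypothetical labels: "low", "severe", "sanctioned"
    indirect_exposure: float  # 0.0-1.0, exposure via hops or bridges


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def screen_transfer(sender, receiver, provider):
    """Screen both counterparties before signing; any doubt blocks."""
    for role, address in (("sender", sender), ("receiver", receiver)):
        try:
            result = provider(address)
        except Exception as exc:  # timeout, outage, malformed reply
            return Decision(False, f"{role}: provider {type(exc).__name__}, fail closed")
        if result is None or result.address != address:
            return Decision(False, f"{role}: no usable verdict, fail closed")
        if result.category in DIRECT_BLOCK:
            return Decision(False, f"{role}: direct {result.category} hit")
        if result.indirect_exposure > INDIRECT_EXPOSURE_LIMIT:
            return Decision(False, f"{role}: indirect exposure {result.indirect_exposure:.0%}")
    return Decision(True, "both parties screened clean")


# Constructed sample data standing in for an analytics vendor's API.
_SAMPLE = {
    "addr-clean-1": ScreeningResult("addr-clean-1", "low", 0.00),
    "addr-clean-2": ScreeningResult("addr-clean-2", "low", 0.02),
    "addr-bridge-hop": ScreeningResult("addr-bridge-hop", "low", 0.35),
    "addr-listed": ScreeningResult("addr-listed", "sanctioned", 1.00),
}


def sample_provider(address):
    if address == "addr-timeout":
        raise TimeoutError("provider did not answer")
    return _SAMPLE.get(address)  # None when the provider has no verdict
```

In a pilot, swap `sample_provider` for the vendor's screening call and confirm that an induced outage produces a block rather than an allow.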
Next steps
Drop the YAML template and checklist straight into your RFP portal. Ask vendors for certification letters, chain coverage matrices with dates, and sample audit exports for ASU 2023-08. Then narrow the field to two wallet vendors and two analytics vendors and run a 30-day pilot with scripted scenarios, including TON inflows, bridge-mediated risks, off-exchange settlements, and Travel Rule unhosted proofs.
Need an honest review session? 7Block Labs is here for you! You can check out vendor responses with this handy template, and then get started on a 3-week pilot script that’s customized for your chains and workflows. It'll help you see how everything fits together!

