Video: Know Your VASP: Comprehensive Risk Assessments for Informed Decision-Making | Duration: 3380s | Summary: Know Your VASP: Comprehensive Risk Assessments for Informed Decision-Making | Chapters: Welcome and Introductions (26.325s), Blockchain Data Fundamentals (159.525s), Understanding VASP Exposure (683.735s), VASP Risk Assessment (1213.785s), VASP Risk Assessment Demo (1448.985s), VASP Risk Assessment (2394.6902s), Smart Contract Security (2675.84s), API Availability Discussion (2821.865s), Risk Score Updates (2884.615s), VASP Integration Questions (2958.9001s), Wallet Attribution Challenges (3097.4302s), Concluding Remarks (3170.885s), Concluding Q&A Session (3273.52s)

Transcript for "Know Your VASP: Comprehensive Risk Assessments for Informed Decision-Making": Okay. That's just an extra minute to let folks join in. With that, we'll go ahead and get started. Welcome and, good morning, good afternoon, to to whoever, has joined from wherever you are in the in the world. In this webinar, we're gonna be chatting a little bit about Know Your VASP and the Chainalysis VASP Biscayne product. And I'm joined by a number of folks from the Chainalysis team. Let me go ahead and get to the next slide to introduce ourselves. My name is Alan. I head up our technical marketing team, but I'm joined by Gideon and Jordan. Gideon. Jordan, would you like to say hello and then introduce yourselves? Hey, everyone. My name is Gideon. I'm a lead product manager for our entity risking and vast risking products, and I'm based out of New York. Jordan. Hey, everybody. Jordan Bregman. I lead business development efforts on our partnership team. Looking forward to presenting to you today. Awesome. Thanks for joining us and to all of you as well. I'm seeing some, locations from around the world. That is really cool. Please send in your locations because that's it's great to know where where everyone's at. Glad we brought together a a very large, audience here. With that, just a little bit of the logistics. This webinar will be recorded, so you can reference it in the future date. There will be so, if you need some closed captions, that is an option for you as well. At the end, we are gonna open up for q and a. So please feel free to submit questions as we go through, and we'll we'll try to tackle them, towards the end. And if you do, find something that you're interested in learning more about, wanna, you know, chat with someone, you can hit the little request a meeting button and, that'll help you, get in touch with someone, in a private conversation. Okay. This is, just a a legal disclaimer. What we're gonna be presenting is, informational purposes, not intended for, like, legal or financial advice. So please do any of your own research and due diligence as as necessary. Okay. With that, over the next, you know, with over the next about now, we're gonna go through, a few topics, introducing kind of the the context for vast risking, what is going on in the world that, like, makes it important. We'll take a look at blockchain data and how that's how it fuels that view into vast risking. And then we'll take a look at some of the newest additions, to both looking at the product of vast risking as well as off chain data. And, I always like to save, fun parts towards towards the end. We'll have a fun walkthrough of a demo so you can see it live, and then we'll move over to q and a. Okay. So with that, for for the folks who are new, like, what what is a VAST? A VASP is a virtual asset service provider, and that refers to any business or Etsy that's doing some services relating to virtual assets. And so that can be anything like doing an exchange or helping safe keep our custody funds. There are many out there and likely more and more are appearing every single day. And if as we look at some of the context, the the world that we're in, we're seeing that the growth of crypto is just amazing. And it's just leading to more need to understand, what how VASPs are exposed to particular risk because we need to interact with them more and more. And there's a lot of things that's, like, leading towards, you know, this this trend of, more VASPs and more, more need to understand the risk involved with them. Even just looking at, this is a plot from CoinGecko. It's just like the the market cap of all many of the top chains is it's just going to, extraordinary, levels. But even within our own Chainalysis', research team, when we look at the adoption index across around the world, we're seeing that, you know, this is an index that looks at several, particular areas like, you know, how much funds are received by a particular service, in retail, normalized by by population. But you're seeing, like, that index, which you can learn more about through that link, is reaching levels beyond the last crypto bull run. So we're seeing amazing adoption around the world. And in particular areas, like stable coin regulation, lot have been adopted, many are emerging, even even this morning, I think I I I saw headlines how in the EU, like, 10 new issuers are approved, for stable coins. And, and and this is just showing more and more how digital assets are moving closer into the mainstream and how important it is to pay attention to these and, assess VASPs for what kind of risk might be, might be there. It's all about understanding that legitimacy and trust and how we can, build a a great community together. Some other, headlines that is just more fuel that's showing how the crypto is moving to the mainstream are ones like this. You know, Powell recently mentioned, in this quote that, you know, banks are perfectly able to serve crypto customers as long as they're able to, you know, manage those risks. And with, the SAB one twenty one, which is the staff accounting bulletin from the SEC, that was rescinded with SAB one twenty two. Pretty much, making it so in the world before, you know, many, you know, banks and organizations that wanted to do cussing had to list those assets as liabilities on their in their accounting. But now that's kinda changed. It's it may likely encourage more custody of services. The reason I bring that up is, now, that, we're gonna see more likely more and more, VAST appearing and more need to, as we encounter them, understand the risk involved so that we can, you know, proceed safely with digital assets. Now that's a lot of indicators of growth in this space, but what's important, another part of what we do at Chainalysis is help tackle and look for that illicit activity. And this, plot here is from the CryptoCrime Report, and it shows by your kind of the percentages of illicit activity. You know, from '23 to 24, it looks like it dropped, which is which is great. It's it's always all very, very small, but just the sheer volume of of activity out there, even that small percent is a huge number. It's about 40 to potentially $50,000,000,000 of illicit activity spread across many categories from, like, sanctions to scams, terrorist financing. And these are the types of things that one needs to have some view as you encounter encounter VAST to understand what is their exposure to it. Are we, complying with regulations? And so, that's just a little bit of setup to look at, you know, in this world as, you know, digital assets are becoming much more mainstream and much more adopted. They're they're it's important to safely understand that risk to precisely understand it and efficiently be able to spot where to invest resources for due diligence. And so for banks, that might mean, you know, when climate clients are, you know, looking for services, being being able to understand if they're acceptable from a compliance risk standpoint. And for crypto businesses, if you wanna partner with more folks in the ecosystem, which is only gonna increase, how do we make sure we select the right partners and, you know, reduce solicit, exposure and, you know, protect one's brand? And the key to kind of building these understandings of these VAS that all lies in blockchain data. And that's what we're gonna go into next is like, how does the data that's on this public ledgers, how does it give you that view of a VAS? But before we get into there, I would love to interact with with more of you, like, hopefully, we can put up a little poll. When you are thinking about VASPs, these virtual asset service providers, like, what are you most concerned with? Is it, you know, I think a poll's appearing right now, but is it looking for, you know, sanctioned activity and preventing that from getting toward towards your yourselves? Or is it, you know, keeping a record of risk assessments? Please feel free to, like, check mark as many, of those options that that are on top of your mind. And, maybe towards the end of the webinar as folks, you know, vote into it, we can show that show that plot. But I think it's always really interesting to understand, like, when you're thinking about VAST, what what are you most concerned about? Okay. So with that, we've kind of set up like, okay. There's a lot of growth in this space. Really need to, as we encounter more VAS, how do we understand what's what is their profile? And I mentioned before that blockchain data is at the core of getting that look. This is what blockchain data looks like. It's a bunch of ones and zeros, many different chains. Like, how does one make sense of what this is? Does you can how do you answer these questions of, like, what entity is this? What address did this interact with? Is it risky or not? And this is at the core of what Chainalysis is working on. We're going from those numbers and letters to some, real world entity. We're not trying to track PII or any personal information. It's like, you know, which which grouping is, belonging to a sanctioned entity or to a dark net market. And just to give a little insight to this, how this data, works is we first start with evidence based attributions. We've got a huge team as well as with our partners, our customer network, we are gathering attributions, evidence that tie one address to an entity. And that could be from information on the web, OSINT, many other investigative techniques to kind of make that that connection. And then we move to what's called deterministic clustering. This is just a fancy way of saying, based on the behaviors and, transaction patterns of what's happening on chain, one can associate one address with another and say, these all belong together to a dark net market or this particular service. That clustering is what enables you to get a great view of of a VASP and what they're exposed to. And we'll see how that, comes about in just a few moments. But what we're seeing here is blockchain data enables you to go from stuff on the left towards views on the right. I just use a couple examples here. On CoinFind and Bitstamp, but it's it's now you're able to look at not just the numbers and letters. It's, like, actual entities. And just to give you a sense of this data, you know, Chainalysis' blockchain intelligence dataset is encompasses over 92,000 entities, a billion addresses clustered. And the reliability of this data is is really powerful because, my many folks in law enforcement has used this to help, you know, freeze, seize, or recover funds that might have been stolen or or whatnot. So, the the reliability of this data is extremely important. It's paramount. And, we're so, you know, excited to, like, partner with many of our customers, the over 1,400 who are sharing intelligence with us, you know, on a daily basis and and able to take this and put it into vast risking. And with that, that's a little setup of, like, what is the data? And, I'd like to turn it over now to Gideon who can tell us more, like, how does that data now make its way into the view of Avast. Gideon, should I take over? Alright. Thanks, Alan. Alright. So as Alan was mentioning, blockchain data is public, but it's opaque. So what that means when you're looking at an exchange is you need to understand which of those wallets belongs to an exchange and which of those wallets belongs to named counterparties. So if you look at the next slide, it will show you exactly how this anonymous view gets transformed into more of a visual view of who's interacting with who. So we revealed a real world entity controlling the wallets, and that is the underlying data for all of Channelys' products. That could be our investigative products like Reactor. It could be our transaction monitoring like KYT, or it could be our vast risking product, which I'm gonna talk about in more detail. But before I do, I'm just gonna run through our different compliance solutions really quickly before I get into vast risking so So you could get a sense of the different ways to to view this data, to slice it, to interact with it. Alright. So next slide, please. So the first one is you could imagine is it's kinda like a know your customer use case. And if a wallet is connecting to your application, you'd know nothing about that wallet. You wanna get a background check on that wallet. What's their on chain activity? Have they been interacting with risky counterparties? Based off of that, should I let them on my platform? Yes or no? Or should I do more diligence on them if it if it's in the middle? So that's one use case. We call that address screening or entity risking. The next use case is KYT, also known as known your transaction. And this is if you're an exchange or if you're custody in crypto, you're looking at the transactions going into and out of your institution. And there, we could take a look at the transfer and see if that transfer is risky or is involved with a risky counterparty. And from there, we could aggregate it from the user. So of the user of your platform, are are certain users sending a bunch of risky transactions, and they should be viewed at differently. And that could lead to, a more full fledged investigation. It could lead to offboarding or freezing funds or other actions that that a an exchange or bank might wanna take. And lastly, we're talking about VASPs. So this is how you understand the on chain activity and the holistic behavior of of a VASP using on chain evidence. So this, chart or this this visual is showing kind of what we were talking about before is how these anonymous wallets are actually all mapping up, and then you could get this holistic sense. So I'm gonna go through into the actual product, some of the key features, and then Alan will show a demo so it'll kind of bring it to life. But what VAST risking allows you to do is understand the crypto exposure of a VAST to different categories and potentially risky categories. And then from that kind of big view of, okay, what's the overall exposure, it allows you to go drill into certain, cuts of that data so that you could allocate your resources efficiently. And you could see, is there a specific time that I should care about? Is there a specific category I should care about? And that can lead you to more investigation, more questions, and follow ups just to make sure that everything, is up to your standards. And then finally, once you understand the on chain behavior of of a BASC, you could partner with them with confidence, understanding what they're they've been doing on chain. And then in the future, you could maintain compliance by monitoring their activity on an ongoing basis to make sure that that it's still, to your standards. So let's go into the actual features. So the first feature is exposure. And what this is is how it would work is you would come into the product and you would search and exchange by name. Let's just use the fictional Maui exchange, which we use in our examples. And you'll see these pie charts, which if you're a channelysis user, you might be familiar with. And what these are doing, is showing all the direct and indirect receiving and sending exposure to different categories. And you could filter this by specific categories of interest. And then from this category level, you could drill in to actually see in those sanctioned entities, for example, who are those sanctioned entities? What are what are their names? So this is very useful for getting a high level picture, and it is all time exposure and cross asset. So like I was saying before and Alan was saying before is some of this, data could be really huge. Right? Understanding all the different assets, all the different networks, and we aggregate it here in a simplified view to get a really quick, snapshot of of what the exposure is. So once you get exposure yep. Once once you get exposure, you want to be able to classify that exposure, just because those raw values in those pie charts are are a little hard to make sense of. And that's why we have risk scores. So our risk scores are four, they're four risk scores, low, medium, high, and severe, and they're all threshold based. They are not based on, ML models or weights that are not transparent to the user. They're all completely controllable by customers, and they're all, clear thresholds. So in this example here, Maui Exchange has been marked as medium risk because the customer set a rule that said if there is over 0% exposure to dark net market, market as medium. And you could imagine another rule that's saying over 5% market as high over 10, severe, etcetera. So, again, these are all very clear, not black box, and all controlled by you. The risk score is based off the all time activity, which is super helpful because it gives you that quick snapshot. But, some exchanges or VASTs have been around for years, and their their compliance procedures could have changed over in time. They could have improved, right, since since the early days. So we also give you the ability to drill in, on a specific time period, and then you could see the exposure in that time period specifically to different categories, and you could see the risk score, in that particular time period. So that just gives you a a a more granular view that might be more relevant to you. And it just makes it easier to to understand the the big picture. Next slide, please. Okay. So, again, exposure is still complicated. Is it is the exchange that I'm looking at, is that good? Is that bad? Is that average? It's really hard to say. So we built out this visualization. We call it benchmarking, where the exchange that you're looking at, you could compare it to an index of all exchanges and an index of all no KYC exchanges, which is a proxy for risky exchanges. And then from there, similar time based view, you could decide you could also filter it by specific categories, and then you could see, is this on par with its peers? Is it above its peers, below its peers, etcetera? And that is just a good way of understanding exposure, without going in and looking at 10 different VASPs and trying to mentally keep track of it. Just a real time saver and a nice visualization, to make sense of expend make sense of this data. Alright. And the next slide is continuous monitoring. So everything I just described was backward looking. Right? You you we were looking at the historical, trends of exposure over time, the risk score. But let's just say you've now made a decision on how you're go wanna interact with this VASP. You now wanna keep tabs on the VASP going forward. So we built this feature called continuous monitoring where you could monitor Maui Exchange on a go forward basis. And if there is a risk change, we will email you, of that change. So you don't have to go into the tool every day and rescreen it. It kind of is a set it and forget it model. And the last feature I'm gonna talk about is off chain data. So everything I spoke about, up until now has been has been on chain activity and understanding exposure and and slicing and dicing it. But we know that customers also need to understand, the general business, of of a an exchange. So we partnered, with Luca, which Jordan will talk more about to get more information around an exchange. So these things are like location, legal details, licensing details, allowed jurisdictions. And that's in the product today as and this is a screenshot of of what it looks like. And I'll pass it over to Jordan who's gonna talk more about off chain data and different use cases and our our partnership with Luca. Yeah. Thank you, Gideon. So as Gideon mentioned, I'm gonna briefly highlight the Chainalysis and Luca partnership. Next slide, please. So Luca is a technology provider. They offer best in class software and data solutions for digital assets used by financial institutions, enterprises, consumers, and others. And I wanna talk a little bit about the use cases that that really drove this partnership. What was the market demand that pushed us to incorporate some of this fast off chain data within our solutions? And we have a couple of use cases highlighted here. So starting with compliance teams at financial institutions and banks that wanna evaluate their risk related to a VAST. Starting with example one, an exchange that wants a bank to provide a business banking relationship. That bank is gonna need on and off chain data for enhanced due diligence and onboarding as well as ongoing monitoring and alerting. A second example, a bank has business customers that have a fiat nexus to VASP and are interested in evaluating counterparty VASP risk. And lastly, a bank has retail customers transacting in fiat with a VASP. And the bank wants to assess the potential nexus point to any VASP to begin with and what does that VASP exposure, look like. So we're actually gonna unpack that one a little bit more in two slides, but just to round out some other use cases. Regulators often wanna be able to evaluate the risk of a VASP that's applying for licensing in their jurisdiction. On and off chain data provides a more complete picture of this. And then from a law enforcement perspective, having entity and physical address level detail, that really helps support subpoena processes. Next slide. So what we're highlighting here is that, Gideon already covered some of the fields that we're getting for VASP off chain data that we have in VASP risking. What we're calling out here is we're also making this available in a flat file. You can see a mock up on the right hand side of what this kind of looks like. But what this essentially does is enabling you as a key differentiator to identify VAST quickly, and then you can also understand your crypto exposure and get a more holistic view of that VASP. And let's go to the next slide. And this is how we put this together. So why might someone need both the flat file and need VASP risking together? And think back to that use case that I called out where a bank may have retail customers that are, transacting with a VASP. They wanna know what that looks like and what is the exposure of the VASP. And a way that you can do that is you see this workflow on the bottom where a bank can gather customer wires over a period of time. They can scan that against legal entity names from the flat file. Once those matches are found, then you can go and take a more manual approach within VASP risking to search it, get the the complete on chain picture as well, conduct that enhanced due diligence, and then take, you know, further actions in accordance with your compliance program. And so think of it, you know, maybe there's a couple million wires in a given time period. Screening that against the flat five, you might find a couple dozen, VASP as an example. And then, again, you can take that over to VASP risking for, further action. With that being said, I'm gonna actually turn it back to Alan, and we're gonna walk through some of the, as Alan said, fun part, the demos. Sounds great. Thanks so much, Jordan and Gideon. With that, let me go ahead and swatch switch over to the demo. And, yeah, I always like to approach these with a little bit of a story. So, we've chatted a little bit about Maui, and, let me introduce one more character, Sapphire Ridge. So Sapphire Ridge is a fictional bank. And let's imagine that value exchange is approaching Sapphire, for banking services. You know, hey. We, you know, we'd like to it's a work for you. But how does Sapphire understand, the risk profile of Maui Exchange? Well, they do that with, vast risking. Let me get you into the product and take a look at this. This is the view that enables them to start to interrogate all that blockchain data in a single view. And so rather than looking up, you know, Maui's, like, collection of addresses that they might give in, like, an application process, no. They just look it up by name. And Chanelis has done the work of clustering together the thousands and thousands of addresses that might be a part of Maui Exchange. And with that, we can do a quick search and now reveal some of that, that risk profile that that Gideon was referring to with many of those features. And so this is that holistic look at, Maui Exchange. Towards to the left, you can see that risk score that, Gideon was referring to. And this is the first thing that we see. Great. The risk score looks low. This is that overall score, for the vast, but it's based on your own risk policies. It's based on the thresholds, the categories that you can configure. But over to the right, we can get a little bit more information about, the exposure that NAUI has had, as it's been operating. We see those exposure wheels. And as Gideon mentioned, the outer part of the wheel here, like I'm highlighting, is, on the receiving side. It's receiving, you know, what was that? Like, 80 near $80,000,000 in funds from other exchanges. This is really cool. So you can get that understanding of both sending and receiving. The inner circle is all that indirect activity, which could be, you know, sources from, you know, several hops away, for example. But as we talked about earlier, we can let's filter down to maybe the most illicit, activities because this is the area we probably wanna look and understand Maui's risk profile the most. And so focusing on, the right, we can see, it looks unfortunately for Maui on their sending side, it looks like some of their users might be sending funds to ransomware or to scam. But on the left hand side, we can see how it's receiving some of these illicit funds. This is now developing some questions we can conduct some due diligence or even ask Maui Exchange about it. We're receiving quite a bit in scam funds. And, we can build up this understanding and and address, yeah, how are they handling it? So but how does this view of this data, like, how is it built from that massive amount of blockchain data? Let's take a moment to, like, look at the the risk settings and how you can configure it, that profile for your own view. This is all controlled through urban settings over here. And, actually, I kinda think it's helpful to kinda look at this in a spectrum. So Sapphire Ridge, they they might have a particular, you know, risk profile that they're okay with. On that plot, you can see, oh, these are the activities by all the various categories. But as we go to maybe different organizations, risk policy b, there might be particular ones that they wanna, on different they might wanna understand more quickly to get flagged more quickly. And risk policy c, like, maybe there's really important things like gambling or something that they just, want the team to know that is there much more, much more quickly. That is all configurable and, will lead to those risk scores being changed in particular ways. So it's the same exchange, but a different score based on one's appetite for, for what you're looking for. Now here's a look at how that actually kinda works. So here, we can start to arrange those, severities of those categories. Gambling might be something we wanna look at more and move that up to the high. But towards the highest, you can kinda see, like, sanction, activity, terrorist financing. These are often areas that are that are always always up there. But you can go further than moving these categories around in, in kind of the risk level. We can also set up those thresholds. And right now, we're on this, kinda like a scandemic that's going on right now. And, you you know, Sapphire probably wants to, like, know any vast that's in their ecosystem, let's make sure that we flag kind of those scam activity earlier so we can, take action or understand, like, how do we deal with it. And so with a few clicks here, we can change those percentages. So if you went over, you know, a 1% of exposure, we'll get that particular higher risk score and, and and the team can know. So let's switch back and now do a quick rescreen on Maui. And you can see now that risk score has increased. This is again based on all that configuration of risk settings. And if we move over to the exposure wheel, and again, you know, perhaps, you know, filter to severe and high, we can see that the wheels themselves have changed. Gambling has moved outwards because of our changes, and, we get a much more accurate picture for SAFIRE on, on what Maui's, profile looks like. And of course, if we wanna go back in time, Vast Cristine will keep track of all those previous screens. So we've got a record going on, preserving those assessments. Alright. Let's keep going and and take a look at more of this holistic view of of Maui, exchange. The second area is all about counterparties. And we saw some of that in the exposure bill as you drill in, but this view here gives, that kind of ranked understanding of, like, here are the top counterparties by any category, similar to before we can select it, as well as information on, like, the total volumes. So this is really important information to know, yeah, who are they interacting with. If we move forward, I always like to spend a lot of time here in the exposure tab because this is really vital to not only understand, like, the the risk score of value change, but but the trends, the time based views of what is going on with this VAST. And here's that time based score that, Gideon, was referring to. If you look at it over all time, yes, there's a particular score, but, you know, perhaps there was more risk in the past and and the organization has changed and, you know, the trends is is much lower now or vice versa. Like, how do we get that story? Time based, training is the way to do that. And you can set up to look at it over the last, you know, months, quarter, years, to pretty much understand that that that view of, how value exchanges, you know, is operating over time. Okay. On the same vein of looking at it at, trends over time, here is that benchmarking, that Gideon was referring to. And so this allows us to compare Maui Exchange to other VASPs that are in the industry. And so we compare against two core indices. One is, just like overall, you know, the old exchanges, the top exchanges, and as well as an index for the no KYC exchanges, the ones that don't collect, like, you know, know your customer information and broadly looked at as as very, very risky. And we can see there's a a moment in time over here where there's a blip for now exchange that they've peaked upwards. It looks like indeed, you know, other no no case KYC exchanges had a similar, increase. But this is a a way to pinpoint a place for further due diligence from the Sapphire team. Okay. If we continue continue on downwards, when it comes to exposure, there's a number of other ways to look at trends for Maui Exchange. Here is a direct exposure view of all the various activities, by category. And let's look at Sudhir and Hai once again, and and here you can see kind of a a great story for Maui. Like, you know, in the past, yeah, they they had some illicit activity, but maybe through their own work, they've been working on how to, like, reduce that, and, we see this trend going downwards. So this is important for Sapphire to get an understanding of that trending. And, of of course, we can pinpoint particular moments where, yeah, we may wanna ask them about, like, what was this moment over in 2024 where there was a particular amount of exposure to something potentially illicit. Okay. Now what does that due diligence look like? You know, we've got, additional products in the chain analysis portfolio like Reactor. This is what you're seeing towards the right. From those pinpointed moments, you can go over here and start to visualize the flow of funds. And this is, creating that picture of, you know, specific transactions or relationships if you so desire. But it builds that visual, that can then explain a little bit more around what was happening. And you can bring that to Mayo Exchange to help explain, you know, what happened here with this particular transaction? How did you manage it? And, that can be very vital in kind of this due diligence process. But back to that risk, to kind of round us out with the that final piece that Jordan referred to, here is that off chain data, the latest edition. And, you know, on chain activity is definitely extremely valuable when assessing with us. But to get that bigger clear picture, it's good to know a little bit more about some of the off chain data. And so here, we can see information from their legal names to licensing, the financial services that Maui might provide, as well as the jurisdictions that they're, you know, allowed to operate within. And so now with all this, we can see that the Sapphire team's got that that complete view. So here are all those various, countries that, that they're operating in. Now we've conducted this assessment looking at this risk profile for Maui, but that's just this point in time. What about going into the future? We always wanna make sure that, you're set up with a system that can protect you over time. Should the team keep rescreening periodically? With a lot of VASP, with all that, like, that that market trends that we're seeing that there's gonna be likely more and more folks coming in as digital assets move more into the mainstream, that can really add up. And so monitoring is that automated way to get alerted to any sort of change. And, let's fast forward time and see what that change looks like. So, you know, blockchain ecosystems can continue to develop, new parties emerge, different relationships, different kind of trend. You know, it's blockchain is a reflection of human interactions that changes over time. But how does the team know when something has, modified? When do they need to look? Continuous monitoring enables them with that. So let's imagine, we fast forward, and then boom. There is that risk score change, that email that Gideon was referring to that now has indicated that Maui Exchange, uh-oh, their risk score has gone up, maybe due to due to some exposure to something severely, illicit. And so now they can go in and start to investigate and do the right due diligence, really helping prioritize resources to the right moments. And so with that, I hope hope you've enjoyed and, gotten a good look at how vast risk can can help you get that holistic view of, that that profile of a vast and the various ways that you can slice and dice blockchain intelligence data, to really understand what is what is going on, with the VAS. And so with that, this is a recap. What we saw was we did a quick screen on, on Exchange. We saw many different slices of data, the exposure, the counterparties, the benchmarking, able to kind of flag certain parts in those graphs of, like, oh, there's a little blip, like, perhaps we should do some enhanced two field engines on it, how Reactor might be able to help in that situation. But then ultimately, continuously monitor and audit what is going on, with MAUI Exchange. And hopefully, you know, Sapphire has, will will deem MAUI Exchange okay to work with and bring them on board, and and they can work together, future. So, with that, that is the demo, and that is, much of the the content that we have. I I believe there, we've got some time for some questions. So maybe if Gideon and Jordan are able to, come back on stage, we can start to address some of these. I I see quite a bit of activity here. Let's see. Alright. Actually, do we, let me see if I can share the the poll. How do I because that's very interesting to share. Let's see. Oh, I guess I have to stop sharing. Okay. Here we go. Let's share. Here is, the results of that poll that we had earlier. Apologies for as I was figuring out how to to show it. It's just always interesting to see what folks are looking to. And, it looks like, understanding access to, what what illicit activity out there is is very highly important and how a vast might handle specific transactions. Thank you for everyone who who, added in some of their thoughts into this poll, and and hopefully saw some glimpses of that in, in the content as well as the demonstration. Okay. Let's see, if there are, any questions here. How do I let's see. I see some questions in the q and a around, will the slides be oh, the slides be shared. The slides won't be shared, but the recording, will be made available so you can refer back to it. Let's see. How does the VAST riskings function integrate with travel rule solutions? That might be something that Jordan might be able to help answer, because we have many integrations with vendors that support travel rule use cases. Jordan, any any, additional information you might be able to add into that? Yeah. No. I can take it. So the vast risking piece specifically is not what we leverage for integrating to travel solutions. However, as part of the compliance suite that we have, we are leveraging integrations with our KYT product that we integrate with quite a few, different travel rule partners. Nota Bene, Sumsub, and some others. And, effectively, by leveraging Chainalysis data, we're able to help, be a a additive to that solution to identify, if a counterparty is a VASP or not, as well as some other things on the back end of that. But that's primarily how how we're supporting the travel space today. Gotcha. Great. Thank you. Maybe another question on in the off chain data. I see one question on does the risk score consider off chain data? It it does not, but it is added there into that profile as one of those tabs to get that holistic view of what is going on. Maybe in order for Jordan oh, sorry. The thing that I'll add to that is I was saying this before, but, our risk score is intentionally simple, right, where it's all exposure based or category based. So it's legible, and you could understand it, and you could explain it to others. Weighing different things like the primary location, their KYC procedures, it gets a little fuzzier. And, we could build something that would model that out and give some customizability, but it's just something that I think is best left for our customers to really decide how to interpret that. But that being said, if there's feedback around how we could make this easier for you and and things that, you couldn't do just on your own systems, like, do let us know. That's more of the philosophical answer. Yeah. Alright. Thank you, Gideon. I see another question here about is the score based on all transactions ever made by Avast or just a sample? It's all. It's it's all time. All transactions across all chains, aggregated aggregated up, and then all the time slices that you saw would obviously only apply to that time period. Let's see. Can you distinguish between the different legal entities slash countries for a particular VASP? Yeah. So, hopefully, the demonstration saw, you saw that you can see the various legal names, and what countries they belong to as well as, like, the licensing, involved there. Okay. Oh, this is an interesting question. Are there any plans to create a portfolio of VASPs within the n e d risking tool and show aggregated risk metrics for the entire portfolio instead of a single VASP. Yeah. We're getting in. Yeah. Yes. Yes. We have we have heard that. Basically, I mean, you could see how this could get unwieldy. Right? If you're looking at twenty, thirty VASPs, managing each of them individually might be a a a lot of work. Yeah. And we we've explored different ways of consolidating and creating, you know, highlight dashboards, but we're not just quite there yet. So for now, you'll you'll still have to rely on some of our monitoring and just the individual profiles. But, yes, that that is something we are looking at. Great. I see another question here. Thank you. Plea please keep it coming. One is VAST risking function. Is it already available? Yes. This product is available. If you'd like to learn more about it, give it a try, like, maybe hit that request a meeting button towards the top and, that it can be made available to take a look at. Let's see here. I see one question on I'm not at the login page, but I remember there are three categories for screening, like address and portfolio. What is the difference? I I think this question is referring to kind of the slices of, looking at blockchain, what what, Gideon walked through. Maybe looking at an address, looking at a transaction, and looking at kind of a vast level. So there are a number of ways within chain analysis that you can look at those particular sets. So I think that's what that question is referring to. Please, Ryan, if there's a if there's a different, any amount of different information. Yeah. I believe it in the UI, it's addresses, pools, and services is how it's named. And it's it's the same underlying data. It's just each of them have a slight nuance. Like, pools has some liquidity pool metadata. The services has benchmarks because it's comparing against other VAS, but, essentially, it's the same all time exposure view that that that we showed. Cool. Let's see. I've got one question for, the reactor side. How can we define a date range when using reactor to assess exposure to certain typologies? So within reactor, I know we we we gave a little glimpse of it. That's kind of, an additional, like, due diligence investigative process. But there are filter capabilities within reactor that allow you to narrow down to particular ranges. There are also filters for particular types of categories that you may want to look for. In our demo, we saw what scam, ransomware, sanctioned activity. So those filters enable you to kind of narrow down to those specific, transactions and and and whatnot. So, that is all available in in Reactor. The one difference though that I'll I'll I'll rec I'll just mention is Reactor because its primary use cases understanding the flow of funds and tracing money, the exposure is really is all updated to the tip effectively. It so it is in fast risking and address screening. But what we allow is basically a snapshot of exposure of what you were looking at the time. Right? Because that's an important and compliance view is to get that audited view of of exposure, which you can't do in Reactor because it assumes that, you know, you want the most up to date information. Like Alan said, you could go into specific filters in in Reactor to get, specific transactions or specific counterparties, but you can't get that specific time based exposure aggregate in Reactor, if that makes sense. And that's one of the values of BaaS risking is you're able to to snapshot it like that. Let's see. I see one question here about, do smart contracts on chain have direct access to risk assessments? How does a DeFi business make sure their on chain smart contracts won't receive interactions from a risky wallet? Parenthesis, any sort of KYC whitelist on chain. Great question. There are additional products beyond Vastrisking that can help with kind of, like, making sure the risky wallets don't interact with one's one's platform. And Gideon mentioned it a little bit with any risking. You can do wallet screening to see which ones are, have a particular risk score and you can, you know, let them, you know, authenticate into your system. We also have, like, a free sanctions Oracle that can look for, like, sanctioned activity, as well. Gideon, anything you wanna add in to that? No. I mean, so most of our customers are are will the front end when a user is connecting with the front end, we'll call our API to do that compliance check. If you wanna do it on chain, like Alan said, we do offer oracles. There is just a slight data difference between the oracle and the API, but we could talk about more of that. If you don't need to go into the details of that right now, but that's just, that's just some of the differences. Cool. Let's see. Let's see. One question here is, is there any doubt is there any documentation that would be sent after the webinar? Oh, yes. Sorry. I was reading it as as I was seeing it. The webinar will be shared, and, I think the best way if you are looking for any particular documentation is perhaps, like, hit the request the meeting button. You can chat with someone who can provide, like, a little more information about, you know, specific areas of the product that you're looking for. I think that's probably the best. Does the tool provide exportable reports for auditing and internal evidence? Maybe over to Gideon on that one. That's that's a good one. Right now, exporting is basically a screenshot, but we're building export, like, as we speak. So, you'll be able to that those exposure wheels that you saw, you'll be able to export those as a PDF. Cool. Hopefully, by, you know, the end of this half. Cool. Right. Let's see. Oh, one question here. Is there an API for this product? It looks like that was the last one that came in. Yeah. There is not an API for the vast risking. It's a UI experience search by name. That being said, the flat file that Jordan was talking about is essentially the same dataset. It's just, most of our customers have asked for it in that format. If an API makes more sense, like, we could talk about that. It's it's technically possible. We just haven't prioritized it. And to be clear, there are API feat there's API access for other parts of the compliance suite, just not the best risking, product in particular. I guess I see one more oh, another question is coming. How often is the best risk in tool updated? So I guess that's more question for how often the the risk score changes, I I believe. Well, the the it's well, the it's near real time. I mean, it's our exposure calculation is is, it's a complicated question, but I think for for all intents and purposes, it's near real time. As we get new attributions, as we ingest more blocks, as we do more clustering based on heuristics, all of that exposure gets recalculated and that is fed into all of the analysis products including vast risking. I think that was the question. Was there another part of that question about oh oh, the risk score. Oh, and then and then once that is calculated, the risk score, if if it would have changed, would have changed immediately. Like, that that would have that would happen in close to real time. And we also saw in in the demo how you can update your risk settings and that score will automatically take on the settings and update. Exactly. Let's see. I there's one question here around, are the VAST preloaded on the solution, or, do we have to put a specific VAST for ratings? So I I believe the question referring to, like, in the demo, we searched up, like, Maui Exchange as an example. Like, are those preloaded? Yeah. That is part of, the chain analysis, like, dataset as we are, going through the process of defining evidence based attributions and clustering, we're finding, like, those services, and so that's what's being made available. So it's it's it's automatic and not, I think you referred to it as a preloading. It's there's no, like, uploading data to, like, to get access. It's it's there in the dataset. Cool. Yeah. If an exchange popped up tomorrow and we attributed it tomorrow, it would be in the tool. Right? It we're not yeah. Awesome. So I I think that's the latest question I saw come in. Let me scroll back up to see if I missed one. I saw it's doing a lot of scrolling to spot them. Let's see. Please feel free to to write in if you maybe see more. Is oh, oh, here's one question. Is is know your VASP program required if oh, it just moves because new one came. Is know your VASP program required if our customers are exposed to a VASP? We'd love to know a little bit more about your your situation, but I think that sounds like kinda similar to what Jordan was referring to with the off chain flat file, for example. They're, like, like, the bank could use, the flat file to understand the wires from a from their customers going into VASP and identify, oh, what are some points we might need to look at? So that's where that product might be able to support there. In terms of, like, is a program required? I think that's more a a policy question that I may not be able to to to comment on. But, hopefully, the the product of the flat file can help you with with that situation. This question about wallets, I I could I could address that, that that Prashant asked. The the question is if you don't have an exchange in your database, but if we give you a wall address, can you profile as a VASP? This is a common ask. The the short answer is it depends. Like, our attribution is based off of wallet infrastructure, and if we find unique wall infrastructure, yes, we could classify it as a new exchange. Some of the tricky situations come in when a wallet is part of an exchange, right, like a nested service, and we have other solutions for that. But you could always look it up on the, address level as well, but not we wouldn't necessarily classify it as a VASP. It it depends. Sorry if that was convoluted, but, this is like a deceptively deep question actually around how things are attributed and what their behavior is on the blockchain. So it depends is the answer. Yeah. I mean, I'm just looking at the question about the cold wallet. Are you referring to, like, the cold wallet of an exchange? I mean, we could, like, we could only attribute wallets that have activity. Right? If it if there's a wallet sitting there that hasn't moved, it may be possible to attribute it, but it's very difficult. I I think that's what that question is getting at, but I'm not positive. Do you have any more questions, Alan? I think that's the most recent one, which was the cold wallet one. So, maybe, please, I'll stay on we can stay on a little bit longer, but, do wanna say thank you to everyone who took time out of your day to join us. Hopefully, you found the content interesting, and, have fun with some some of the demo on the polls. I think it's a very fascinating space and I really appreciate the lively, discussion and all the questions. So, to answer some of the questions which I saw appear a few times, will this webinar be shared? Yes. It'll be emailed over. And, and if you do want to chat with someone about more information, hit that request button, towards the top. Let's see here. Oh, I think one more came in. Would distributing a wallet be equal to knowing the beneficial owner from a KYC perspective? I'm I'm sorry. I'm not sure I get that question. Would it be equal to knowing the beneficial? Yeah. I I I I think if we're talking about if we attribute a wallet as, let's say, ransomware or a scam, we're really just classifying it, and potentially understanding who owns owns it, but not necessarily who the ultimate beneficiary owner is. So, like, that would require, like you mentioned, KYC details. That being said, if it then goes to, you know, an exchange or that that money has been moved to an exchange and that customer has been KYC'd, it can lead to, basically, the the the identity of that person. But our our blockchain intelligence doesn't go to the personal level. It just goes to the, you know, entity level. Awesome. Well, with that, I suppose, I don't see any more questions. So thank you again. I think we can go ahead and end a little bit early and give folks a few minutes back. So thank you again. Thanks, Gideon and Thornton. Thanks, everyone. Alright. Cheers. Take care.