Skip to main content

Compliance & Identity Verification

CRYMBO Connect provides a programmable compliance engine that enables institutions to onboard VASPs and wallets without relying on fixed KYC/KYB schemas. It uses metadata-driven logic to enforce Travel Rule requirements, risk policies, and selective disclosure of encrypted data — all mapped to blockchain transactions.

This compliance layer supports:

  • Full user & wallet metadata tagging
  • Encrypted PII exchange (off-chain) linked to on-chain actions
  • Zero-knowledge policy validation
  • Dynamic risk scoring per wallet or VASP
  • Selective enforcement (e.g. require KYB only on crypto withdrawal, not signup)

Core Concepts

1. Metadata-Driven Identity Verification

Rather than traditional forms, CRYMBO allows platforms to define KYB/KYC rules dynamically using key-value metadata and configurable triggers.

Examples:

  • Set KYC_VERIFIED = true only after Travel Rule PII is submitted and confirmed
  • Assign RISK_SCORE = high if certain jurisdictions or behaviors are detected

2. Travel Rule Enforcement

Encrypted PII is submitted to the Oracle API off-chain:

Endpoint:
POST /deposits/pii

Fields:

  • network – e.g. POLYGON
  • hash – transaction hash
  • pii – encrypted (base64) payload

This ensures sensitive data is never stored on-chain. Oracle validators decrypt and verify as needed.

3. Risk Engine & Policy Triggers

You can define rules like:

  • Block withdrawal if RISK_SCORE > 80
  • Require questionnaire if RISK_JURISDICTION = true
  • Enforce PII check on DEPOSIT_FROM_VASP = true

These policies are checked in real time, using wallet metadata and transaction origin context.

4. Dynamic Questionnaires

Users can be prompted with risk-tailored questions during onboarding or before triggering events (e.g. transfers).

Submit Questionnaire Endpoint:
POST /v3/users/meta/submitQuestionnaire

5. Compliance Event Flow

  • Pusher sends crypto
  • CRYMBO Oracle emits PIIRequested
  • Receiver posts PII to Oracle
  • Oracle verifies and emits PIIProvided
  • Compliance score is updated (off-chain or via webhook)
  • Transaction status is finalized

This flexible system allows institutions to meet MiCA, FATF, and internal compliance goals without embedding rigid forms or centralized ID systems.