Risk Scoring
CRYMBO Connect includes a flexible risk scoring system that allows institutions to assess and respond to potential compliance risks at the user, wallet, or VASP level. Risk scores are stored as metadata and can be used to trigger enforcement actions such as KYC, KYB, or transaction blocking.
This system enables granular, real-time compliance enforcement without locking your flows into static rules.
How Risk Scores Work
- Risk scores are numeric (0–100)
- Can be assigned to users, wallets, or institutions
- Evaluated against rule-based thresholds in your business logic
- Can be updated manually or by automated processes
- Used to gate actions like withdrawals, deposits, or onboarding
🧾 Assign Risk Score to a User
Endpoint:
POST /v3/users/meta/update
Payload Example:
{
"userId": "user_001",
"meta": {
"RISK_SCORE": 87,
"RISK_JURISDICTION": true,
"TRIGGER_MANUAL_REVIEW": true
}
}
🧾 Assign Risk Score to a Wallet
Endpoint:
POST /wallets/assign-metadata
Payload Example:
{
"walletId": "wallet_abc123",
"meta": {
"RISK_SCORE": 65,
"GEO_FLAGGED": true
}
}
Example Enforcement Logic
| Risk Condition | Enforcement Outcome |
|---|---|
RISK_SCORE > 80 | Require enhanced KYC before transfer |
RISK_SCORE > 90 | Block transaction and trigger alert |
RISK_JURISDICTION = true | Require KYB and admin approval |
GEO_FLAGGED = true | Restrict on-ramp/off-ramp usage |
These rules can be evaluated in your service logic or via compliance middleware.
Updating Scores Post-Transaction
Risk scores can be increased or decreased based on user activity, oracle feedback, or external signals.
Example:
- Increase score if deposit exceeds threshold from unverified source
- Lower score after successful PII verification and whitelist confirmation
Event-Driven Risk Triggers
Integrate with compliance events such as:
PIIRequestedPIIProvidedTransactionCompliant
You can subscribe via webhooks or blockchain listeners and adjust scores accordingly.
Let me know if you'd like to continue with the next section: Travel Rule & PII Submission.