Risk scoring and AI-powered compliance have become the invisible infrastructure of regulated crypto. Every major centralized exchange, many banks offering crypto services, and a growing number of DeFi protocols use automated systems to assess the risk associated with wallets, transactions, and users. Understanding how these systems work, how they affect everyday users, and what their limitations are is practically important for anyone interacting with regulated crypto infrastructure.
What Risk Scoring Systems Do
Transaction monitoring systems continuously analyze crypto flows to identify patterns associated with known risks: sanctioned entities, mixers, darknet markets, ransomware wallets, fraud schemes, and other flagged categories.
The process:
1. Every transaction touching a monitored address is analyzed
2. Direct exposure (the wallet directly sent to or received from a flagged address) is identified
3. Indirect exposure (the wallet received funds that can be traced to flagged addresses through multiple hops) is calculated and weighted by proximity
4. A risk score is assigned based on the composition of the wallet's transaction history
The major providers (Chainalysis, Elliptic, TRM Labs, and Sardine) maintain proprietary databases of address labels (exchange hot wallets, known mixer addresses, darknet market addresses, etc.) built through a combination of on-chain analysis, data purchases, and law enforcement partnerships.
How Exchanges Use Risk Scoring
For regulated exchanges with AML/KYC obligations, transaction monitoring is a compliance requirement in most jurisdictions. The FATF Travel Rule and AML directives require financial institutions to flag suspicious transactions.
In practice, exchanges use risk scores to:
- Screen incoming deposits: Flag deposits with high risk scores for review or reject them automatically
- Review withdrawals: High-risk destination addresses trigger compliance holds
- Ongoing monitoring: Continuously monitor account activity for changes in risk profile after initial KYC
- SAR filing: Automatically or semi-automatically file Suspicious Activity Reports with financial intelligence units when thresholds are met
The implementation is often automated, with human review triggered at specific risk thresholds. A transfer from a known mixer address might trigger an automatic hold; a transfer with moderate risk exposure might trigger human review.
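The four-step scoring process and the threshold-based handling described above can be sketched as follows. This is an added example, not any vendor's or exchange's algorithm (those are proprietary); the ledger, labels, per-hop `DECAY` weight, and `HOLD`/`REVIEW` thresholds are all constructed assumptions.

```python
# Constructed sample ledger: (sender, receiver, amount). Not real addresses.
TRANSFERS = [
    ("mixer_1", "addr_a", 10.0),
    ("exchange_hot", "addr_a", 30.0),
    ("addr_a", "addr_b", 20.0),
    ("exchange_hot", "addr_b", 20.0),
    ("addr_b", "user_wallet", 10.0),
    ("mixer_1", "direct_wallet", 5.0),
]
LABELS = {"mixer_1": "mixer", "exchange_hot": "exchange"}  # constructed labels
FLAGGED = {"mixer", "sanctioned", "darknet_market", "ransomware"}
DECAY = 0.5                # assumed weight applied per extra hop (proximity)
HOLD, REVIEW = 50.0, 10.0  # assumed score thresholds

def exposure(wallet, max_hops=4, _path=frozenset()):
    """Return (direct, indirect) flagged share of a wallet's inbound funds."""
    inbound = [(s, a) for s, d, a in TRANSFERS if d == wallet]
    total = sum(a for _, a in inbound)
    if total == 0 or max_hops == 0:
        return 0.0, 0.0
    path = _path | {wallet}          # guards against cycles in the graph
    direct = indirect = 0.0
    for src, amt in inbound:
        share = amt / total
        label = LABELS.get(src)
        if label in FLAGGED:
            direct += share          # step 2: direct exposure
        elif label is None and src not in path:
            # step 3: trace through unlabeled intermediaries, discounting
            # by DECAY for each hop further from the flagged source
            d, i = exposure(src, max_hops - 1, path)
            indirect += share * DECAY * (d + i)
        # labeled, non-flagged services (e.g. an exchange) end the trace
    return direct, indirect

def risk_score(wallet):
    """Step 4: 0-100 score from the composition of inbound funds."""
    direct, indirect = exposure(wallet)
    return round(100 * min(1.0, direct + indirect), 3)

def deposit_action(wallet):
    """Map a score to the handling tiers described in the text."""
    score = risk_score(wallet)
    if score >= HOLD:
        return "auto_hold"
    return "human_review" if score >= REVIEW else "accept"
```

With the sample ledger, `direct_wallet` is held automatically, `addr_a` (25% of inbound funds from the mixer) goes to human review, and `user_wallet`, three hops from the mixer, scores about 3 and is accepted. Every outcome depends on the label set being correct.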
The False Positive Problem
Risk scoring systems generate false positives, flagging legitimate users and transactions as high risk. This is one of the most significant practical problems with these systems.
A common scenario: a user sends funds to a privacy-focused mixer for legitimate personal privacy reasons, then later deposits the unmixed funds to an exchange. The funds are flagged as "mixer exposure" and the account is frozen or closed, even though the underlying use was legal.
Another common scenario: a user receives funds from an exchange or service that is later sanctioned or shut down. Even though the user received the funds before any sanctions or legal issues, the historical connection creates risk exposure.
Consequences: accounts frozen for weeks while manual review occurs; requests for extensive documentation to explain transaction history; account closures with funds locked pending KYC review; deposit rejections for incoming transfers.
Legitimate Concerns About These Systems
Beyond false positives, risk scoring raises broader concerns:
Due process: Private companies make consequential determinations about financial access with limited transparency about how decisions are made or meaningful appeal processes.
Guilt by association: The "taint" concept, where funds become suspect because they passed through a flagged address many hops removed, creates situations where users are penalized for other parties' behavior they had no knowledge of.
Chilling effect: Knowledge that transaction histories are permanently analyzed creates chilling effects on legitimate privacy behaviors that crypto was designed to enable.
Error correction: When labels in analytics databases are wrong (attributing a legitimate exchange address to darknet activity, for example), affected addresses face consequences they cannot easily challenge or correct.
What Users Can Do
Understanding the risk scoring environment allows more informed choices:
- Avoid mixing services subject to sanctions: Using sanctioned services like Tornado Cash creates legal risk beyond risk scores
- Prefer non-custodial swaps over mixers: Non-custodial swap platforms like SyntheticSwap don't create the same mixing flag as dedicated mixing services, while still providing a degree of transaction separation
- Document transaction sources: Keeping records of where funds came from enables responding to compliance inquiries when they arise
- Understand your exchange's policies: Some exchanges have more aggressive screening than others; users who prioritize privacy may prefer exchanges with transparent screening criteria
Risk scoring will continue to develop in sophistication. The tension between effective financial surveillance and legitimate privacy and due process concerns is likely to intensify as these systems become more powerful.



