Verification is the product.
Risk, AML and KYC, blockchain forensics, proof of funds, proof of wallet ownership — the evidence file that decides whether a transaction exists at all.
Eight risk classes organize the control framework.
Risk classes map one-to-one onto the controls register in the Transaction Procedures (BBC-DAM-2026-002 §18); the terminology is identical across both documents by design.
The operative phrase: evidenced — not asserted. The most common diligence failure is accepting narrative answers where documents are required.
A · Know your counterparty — minimum file
- +Natural persons — government photo ID, proof of address, date of birth, nationality, PEP and sanctions screening, liveness verification where remote.
- +Entities — certificate of incorporation, registers of directors and members, constitutional documents, proof of registered address, regulatory licenses where claimed.
- +Beneficial ownership — identification of all natural persons at or above the applicable UBO threshold (commonly 10–25% by jurisdiction), with the same individual checks applied.
- +Authority — board resolutions or mandates evidencing the signer's power to transact.
B · AML program expectations
- +Risk-based assessment of each counterparty: jurisdiction, structure complexity, product, delivery channel, and transaction pattern.
- +Source of funds and wealth evidenced — bank statements, audited accounts, sale contracts, inheritance instruments.
- +Ongoing monitoring across the transaction lifecycle, not a one-time gate; re-screening before each tranche.
- +Regulatory context — FATF recommendations (including the travel rule for VASPs), U.S. BSA/FinCEN, the EU AML framework, UK MLRs. Which obligations bind which party is determined by counsel.
KYC is jurisdiction-specific. The standards here are a floor, not a ceiling — where a counterparty's local regime demands more, more applies. We do not advise counterparties on their own obligations; their counsel does.
Public blockchains are permanent, append-only ledgers. Every unit of BTC, ETH, or a stablecoin carries a complete transaction history back to issuance.
Q·1 Is the counterparty's wallet directly or indirectly exposed to illicit sources?
Q·2 Are the specific assets to be delivered traceable to sanctioned or criminal origins?
Q·3 Does the wallet's behavioral history match the counterparty's stated profile?
Screening is performed on the exact addresses to be used in settlement — not representative wallets — and is repeated immediately before funds move.
Fig. 4 — Screening output · typical risk tiers
Numeric thresholds and decline rules are internal policy (BBC-DAM-2026-002 §16) and are not disclosed to counterparties.
Every unit carries its complete history back to issuance. The ledger forgets nothing — which is precisely what makes forensic screening possible, and mandatory.
Three credible providers dominate institutional screening. The control is that screening happens — twice for size, on the exact settlement addresses — not the brand.
Chainalysis
Among the most widely adopted blockchain analytics firms, with deep penetration in government, law enforcement, and large exchange compliance programs. Its entity-clustering dataset is one of the industry's most extensive.
Where it fits — accepted as a primary screening source. Reports must be dated, address-specific, and generated by an identified license holder; counterparty-supplied PDFs are re-verified independently.
TRM Labs
A blockchain intelligence firm serving financial institutions, crypto businesses, and government agencies, with particular strength in cross-chain analytics — tracing value as it moves between blockchains via bridges and swaps.
Where it fits — accepted as a primary source; preferred where the settlement path crosses chains or involves Tron-network stablecoin legs — exactly the OTC settlement pattern.
Elliptic
One of the longest-established blockchain analytics firms, with a strong institutional and banking client base and early leadership in crypto-asset risk research. Its typology publications are reference material across the compliance industry.
Where it fits — accepted as a primary source; frequently the second provider in dual-screen verification. Typology research informs the standing fraud-indicator register.
Descriptions reflect public information; no endorsement or affiliation is implied.
BloomBridge screening policy — summary
At qualification; immediately before the test transaction and each tranche; on any change of wallet, network, or settlement path; post-settlement spot checks.
Screening applies to the exact settlement addresses — representative or substitute wallets are not accepted.
Transactions above internal thresholds are screened through two independent providers.
Counterparty-supplied reports are indicative only and re-run independently. Providers not on the accepted list are routed to compliance for evaluation before any reliance.
Exposure is dynamic: an address clean at qualification can be tainted by settlement day. The pre-settlement re-screen is the controlling screen — qualification only opens the door.
A · What qualifies
- +Recent bank statement or bank letter in the buyer's verified name, from a regulated institution, dated within an agreed window — commonly 3–5 business days for active transactions.
- +Bank-to-bank confirmation through authenticated channels where transaction size warrants — the strongest form.
- +Attorney or escrow confirmation that cleared funds are held in trust for the transaction.
- +Account-name match: funds must sit in the name of the contracting party — third-party funders require their own full KYC and documented role.
B · What does not qualify
- ×Screenshots, balance photos, or editable PDFs without issuer verification.
- ×"Bank instruments" offered in place of cash — SBLCs, BGs, MT-series messages "for lease" — outside any structure counsel has approved.
- ×Stale statements, blurred account numbers with no verification path, or statements in unrelated names.
POF documents are verified to source — by direct contact with the issuing institution or through counsel — never accepted on their face. A POF that cannot be verified is treated as absent.
POF is the cheapest filter in the process: it removes unfunded buyers before legal, escrow, and forensic costs are incurred. POF requests are reciprocal to proof-of-coins requests — symmetric exposure on both sides.
A · Accepted methods — strongest first
- 01Signed message — the seller signs an agreed, transaction-specific text (date, counterparty reference, nonce) with the private key of the settlement address. Cryptographic, free, and conclusive for that address.
- 02Micro-transfer — a small, agreed-amount transfer from the settlement wallet to a specified address within a defined window. Proves control at trivial cost.
- 03Custodian attestation — where assets sit with a qualified custodian, a written, verifiable attestation naming the client and balance.
- 04Live verification — observation of wallet access in a recorded session; supplementary, used with one of the above for high-value transactions.
B · Not accepted
- ×Screenshots of balances or block explorers — anyone can screenshot any rich address.
- ×"Satellite" or "wallet viewer" videos and similar artifacts known from fraud typologies.
- ×Proofs for a different address than the one settling — verification is address-specific.
Ownership proof is always paired with forensic screening of the same address. Control without clean provenance fails; provenance without control proves nothing about the seller. Settlement requires both, on the same address, contemporaneously.
Where the settlement wallet is a multisig or smart-contract account, verification extends to the signer set and policy: who can move funds, under what quorum, and whether the policy can change before settlement. Counsel and compliance review the arrangement explicitly.
Proofs are time-boxed. A signed message from last month does not establish control today; re-verification immediately before settlement is standard for large transactions.
Casascius physical bitcoin · Image: Wikimedia Commons
Control of the key is control of the asset.
The early Casascius coins sealed a private key beneath a tamper-evident hologram — ownership made physical. The modern equivalent is the signed message: whoever can sign with the settlement address's key controls the coins. Everything else — screenshots, videos, balance displays — is theater.