Ichnos

Choosing an AML wallet-screening tool: a buyer's checklist

A practical buyer's checklist for choosing an AML crypto wallet-screening tool as an EU CASP — coverage, defensibility, pricing model, data residency, integration and honesty about limits.

Buyer's guideAMLWallet screening

Most crypto wallet-screening tools were built for exchanges, priced for exchanges, and sold the way you sell to exchanges: a sales call, a proof-of-concept, a five- or six-figure annual contract. If you run a 3–20-person CASP, an EMI with incidental crypto flows, or an audit firm serving crypto clients, that model does not fit you — and picking the wrong tool is expensive to unwind. This checklist is what to actually compare.

1. Coverage: which lists, and both entity and wallet?

Start with the data. At a minimum, a serious tool screens against the EU consolidated list (your binding obligation as an EU firm), the OFAC SDN crypto addresses, and a broad watchlist source such as OpenSanctions. Ask how often the lists refresh — daily is the right answer — and whether each screen records which list version it ran against.

Then ask the question pure chain-analytics vendors dodge: can it screen the counterparty entity (name, PEP and sanctions status) and the wallet in the same check? A crypto transfer has a person or company behind it as well as an address. Screening only the address leaves half the risk unseen. Combined entity-plus-wallet screening in one result is a genuine differentiator, not a nice-to-have.

2. Defensibility: does it produce evidence, or just a verdict?

The output of a screen is not the point — the record is. When your regulator or auditor asks how you screened a given transfer, “the tool said green” is not an answer. Look for:

  • a signed, timestamped report per check (PDF and CSV), not an ephemeral on-screen result;
  • provenance on every result — the dataset versions and engine version behind it, so any past check can be reproduced and explained; and
  • match transparency — a certainty tier and the reason each match scored, instead of a black-box number.

If a tool cannot hand you a defensible artifact for your compliance file, it is a lookup, not a compliance tool.

3. Honesty about certainty and limits

This one separates the trustworthy from the rest. A good tool distinguishes a direct list match (highest certainty) from a proximity signal (“Near” / “Indirect” — close to something flagged, but not a verdict of guilt) and from an exposure estimate (a model of fund flow, not a measurement). It should say plainly that a “clear” result is the absence of a known link, not proof of innocence, and that lists are never complete.

Be sceptical of any vendor quoting a single precise accuracy percentage without saying what it was measured against. A tool that over-claims certainty is setting you up to defend a number you can’t explain. We would rather under-claim and be trusted — see how we describe our own tiers and limits.

4. Pricing model: does it match your volume?

Enterprise tools charge enterprise minimums. For a smaller firm the right shape is usually per-check credits with no seats and no minimums, so cost tracks usage instead of a headcount you don’t have. Look for a genuine free trial you can self-serve (running real checks, not a sales demo), transparent top-up pricing, and the ability to cancel without a procurement cycle. If the only way to see pricing is a sales call, that is your answer about who the tool is for.

5. Data residency and security posture

As an EU-supervised firm you will face vendor due-diligence yourself, so screen your screener:

  • EU data residency — is your screening data hosted in the EU, with GDPR export and erasure supported?
  • Access control — per-tenant isolation, role-based access, scoped API keys.
  • Honest security claims — a vendor that says plainly what it does and does not yet hold (for example, that SOC2/ISO27001 is on a roadmap rather than claiming a certification it hasn’t earned) is more trustworthy than one that papers over the gaps.

Ask for a subprocessor list and a data-flow summary. A serious vendor will have them ready.

6. Integration: manual today, API tomorrow

Even if you start by pasting addresses into a screen, check there is a REST API and webhooks so you can later screen inline in your onboarding or transfer flow and get the result and report back programmatically. You want a tool you won’t outgrow the first time volume picks up.

The short version

AskGood answer
Which lists?EU consolidated, OFAC SDN, OpenSanctions — refreshed daily, version recorded
Entity and wallet?Yes, in one check
OutputSigned, timestamped report with provenance and match tiers
CertaintyDirect vs Near/Indirect vs exposure estimate, stated honestly
PricingPer-check credits, no minimums, real self-serve free trial
DataEU residency, per-tenant isolation, honest security posture
IntegrationREST API + webhooks available

Ichnos was built against exactly this list, for the firms the enterprise tools price out. The best way to judge it is to run a few real checks yourself — the first 100 are free, no card. Start free →

← All guides

Screen your first wallet — free.

Create an account and run your first 100 wallet and counterparty checks free, no card. Hand your auditor a report you can stand behind.