Crypto VASP Compliance Self-Assessment

Draft not saved

Your Compliance Snapshot

Satisfactory points

—

Needs improvement points

—

Total questions

12

Percent score

—

Category

—

Tip: You can still click Save/Print PDF below to export this summary with your responses.

Note: Your answers auto-save in this browser. Use Save/Print PDF to export. When you click Submit, a copy will be emailed to ravi@deriskpartners.io and your result will display below.

Company

Respondent - Name Respondent - Title

Respondent - Email

Date

Jurisdiction (Primary)

1a. Regulatory Licenses

Do you hold required licenses/registrations in your operating jurisdictions?

Yes, fully licensed in all jurisdictions Partially licensed (specify which missing): No licenses held Pending applications (specify): Operating under a no-action letter or sandbox exemption (specify):

1b. Regulatory Licenses - PSA Status (Payment Services Act) 1c. Regulatory Licenses - Notes

2a. AML/KYC Program

Do you have a functioning AML/KYC program with transaction monitoring?

Yes, full program with automated monitoring Basic program, manual monitoring Limited program in development Hybrid model (internal + vendor) No formal program 2b. AML/KYC Program - AML Officer

3a. Customer Fund Protection

Are customer funds segregated and protected? Are funds held directly or via a third-party custodian (e.g., Fireblocks, Anchorage)?

3a. Customer Fund Protection - Custodian (if any) Yes, fully segregated with insurance Segregated, no insurance Partially segregated Not segregated

3b. Customer Fund Protection - Cold storage % 3c. Customer Fund Protection - Insurance coverage (USD)

4a. Legal Issues

Any ongoing legal/regulatory proceedings or violations in past 3 years?

No issues Minor issues (resolved) Active proceedings Major violations/penalties 4b. Legal Issues - Details

5a. Geographic Restrictions

Do you block prohibited jurisdictions (sanctioned countries)?

Yes, comprehensive geo-blocking Partial restrictions No restrictions Under development 5b. Geographic Restrictions - Prohibited jurisdictions

Geo-blocking enforced via: IP filtering Wallet screening List enforcement tools

6a. Security Framework

Do you follow cybersecurity standards and conduct regular audits?

Yes, certified framework (ISO 27001/SOC 2) Internal standards, regular audits External audit without certification Basic security measures Limited security program

6b. Security Framework - Last security audit 6c. Security Framework - Bug bounty program

7a. Management Experience

Do key executives have financial services/compliance experience?

Yes, extensive regulatory experience Some financial services background Limited relevant experience

7b. Management Experience - CEO background 7c. Management Experience - CCO background

8a. Banking & Key Vendors

Do you have established banking relationships and compliance vendors?

Yes, tier-1 banks and compliance tools Regional banks, basic tools Limited banking, developing tools No stable banking relationships

8b. Banking & Vendors - Primary bank 8c. Banking & Vendors - Fiat on/off ramps managed

8d. Banking & Vendors - Partner name (if applicable)

9a. Financial Controls

Are you audited and maintain proper financial controls?

Yes, Big 4 audited with clean opinion Regional firm audited Documented internal controls with review Limited financial controls 9b. Financial Controls - Last audit date

10a. Regulatory Readiness

Are you prepared for upcoming regulatory changes?

Yes, actively monitoring and adapting Aware of changes, planning adaptation Limited awareness Not prepared for changes 10b. Regulatory Readiness - Biggest upcoming regulatory concern

Are you in industry groups (e.g., TRM Labs, GBBC, ADGM Sandbox)?

Yes (list below) No 10c. Regulatory Readiness - Working Groups

11. Token or Asset Risk Classification

Do you maintain a framework for determining whether an asset is a security or requires regulatory treatment?

Yes, internal legal opinion framework Yes, external counsel reviews N/A (no listing/token services) No formal framework

12. Disclosures & Transparency

Do you provide public financial or operational disclosures (e.g., proof-of-reserves, attestation reports, risk disclosures)?

Yes, monthly / quarterly Yes, annually No public disclosures

Disclaimer: This self-assessment is for informational purposes only and does not constitute legal advice.