Crypto exposure is no longer limited to niche clients or speculative portfolios. For many high-net-worth individuals, crypto assets now represent a material component of overall wealth. As a result, financial institutions are increasingly required to assess, onboard, and continuously monitor clients whose source of wealth includes on-chain activity.
While regulatory expectations around crypto compliance are relatively clear, many institutions still struggle to operationalize them in a scalable, consistent, and defensible way. To illustrate what effective crypto lifecycle compliance looks like in practice, the following example walks through a representative client case — from onboarding through ongoing monitoring and escalation.
This case is illustrative and based on common patterns observed across financial institutions.
The Client Context
A private bank is approached by a prospective high-net-worth client.
Total net worth: CHF 10 million
Crypto exposure: Approximately CHF 3 million
Holding structure: Self-custody wallets, with historical activity across centralized exchanges and DeFi protocols
Client request: Onboarding into a discretionary mandate with the bank
Crypto is not the client’s sole source of wealth, but it is material enough to require a structured source-of-wealth and source-of-funds assessment.
Step 1: Crypto Onboarding and Initial Risk Assessment
As part of the standard onboarding process, the client provides the wallet addresses associated with their crypto holdings. No additional blockchain-specific documentation is requested upfront.
WalletCheck analyzes the submitted wallets and performs the following checks:
Multi-hop transaction tracing
Identification of counterparties and known entities
Screening against global sanctions lists
Source-of-funds attribution (e.g. exchanges, DeFi protocols)
Within minutes, the compliance team receives a structured result:
Overall risk rating: Low
Key findings:
Funds primarily originated from regulated exchanges
No sanctions exposure
No interaction with known high-risk services
A clear recommendation is provided: the client may be onboarded under standard onboarding procedures. A full, audit-ready report documenting the analysis and decision rationale is automatically generated and stored in the client file.
Step 2: Post-Onboarding — Continuous Monitoring
Following onboarding, the client relationship enters the monitoring phase.
The bank configures WalletCheck’s automated periodic reviews in line with its internal risk policy. In this case they decide on an annual re-screening of wallet activity, this triggers an automated full re-analysis after one year with dedicated notifications in case of risk changes.
WalletCheck also continuously monitors wallet transactions in real-time for material risk changes to ensure potential risks can be escalated immediately rather than only during the upcoming periodic review. For several months, no alerts are generated. The client’s crypto activity remains consistent with the original onboarding profile.
From a compliance perspective, this phase is intentionally quiet. No manual reviews are triggered, and no additional effort is required from the compliance team — both periodic monitoring and transaction monitoring run automatically and maintain full oversight, without the need for human intervention.
Step 3: A Risk Event Occurs
Approximately six months after onboarding, the client executes a transaction that alters their risk profile.
Funds are transferred to a counterparty address that has recently been flagged in open-source intelligence and industry datasets as being associated with a known crypto scam.
WalletCheck detects the change through real-time transaction monitoring and automatically triggers an alert based on this newly identified scam exposure.
The compliance team is notified of:
The specific transaction
The nature of the risk change
The reason for the alert (newly identified high-risk counterparty)
The client’s risk classification is escalated accordingly.
Step 4: Investigation and Compliance Response
Rather than relying on ad-hoc investigations or external consultants, the compliance team uses WalletCheck to do a full re-analysis of the wallet.
They are able to:
Trace the transaction path leading to the flagged address
Confirm the nature and timing of the scam designation
Assess whether the exposure is isolated or part of a broader pattern
Review the transaction relative to the client’s historical behavior
Based on the findings, the bank initiates an enhanced due diligence process. The client is contacted and asked to provide context for the transaction.
At this stage, the compliance decision remains open. The objective is not automatic rejection, but informed assessment.
All investigative steps, findings, and decisions are documented automatically.
Step 5: Outcome and Documentation
Following the review, the bank determines the appropriate course of action in line with its internal policies and risk appetite. Depending on the client’s explanation and the broader assessment, this may include:
Continued relationship with enhanced monitoring
Additional controls or restrictions
Relationship exit
Regardless of the outcome, the institution retains:
A complete audit trail
Clear documentation of decision-making
Regulator-ready reports covering onboarding, monitoring, alerting, and investigation
If regulators, auditors, or internal risk committees later request evidence, the institution can demonstrate not only what decision was made, but how and why it was made — at every stage of the client lifecycle.
Why Lifecycle-Based Compliance Matters
This illustrative case highlights a key reality: crypto compliance is not a point-in-time exercise.
A client who is low-risk at onboarding can become higher-risk later due to changes in counterparties, emerging intelligence, or evolving transaction behavior. Regulators expect financial institutions to detect and respond to these changes proactively.
Manual processes, one-off external reviews, and investigation-only tools are not designed to support this end-to-end lifecycle. What is required instead is a unified approach that integrates onboarding, periodic reviews, continuous monitoring, and investigation into a single workflow.
A Lifecycle Approach to Crypto Compliance
WalletCheck is designed around this lifecycle perspective. It supports compliance teams from initial onboarding through ongoing monitoring and, where necessary, deeper investigation.
By combining structured risk assessments, continuous monitoring, and audit-ready documentation in one platform, financial institutions can manage crypto exposure in a way that is scalable, consistent, and defensible.
Crypto lifecycle compliance does not need to be complex to be robust. It needs to be operational, proportionate, and aligned with regulatory expectations.
To learn more about how WalletCheck supports crypto compliance across the full client lifecycle, contact us at:
