Entity due diligence

What is entity due diligence?

In the context of crypto compliance, entity due diligence is the process of evaluating an entity — such as a crypto exchange, decentralized finance (DeFi) platform, decentralized autonomous organization (DAO), or other corporate body — to understand its identity, activities, risk exposure, and legitimacy.

Particularly in the crypto and digital asset space — where pseudonymity, global access, and rapidly evolving business models are common — entity due diligence is critical. It helps financial institutions safely onboard new crypto service providers, adhere to anti-money laundering (AML) mandates and sanctions enforcement, maintain compliance with regulatory obligations, and avoid inadvertently engaging with illicit actors.

Whether you're onboarding a virtual asset service provider (VASP) or vetting a liquidity provider, entity due diligence enables a deeper understanding of the organizations operating across the crypto ecosystem. It goes beyond identity verification and into counterparty risk assessment, behavioral analysis, and risk classification.


Why does entity due diligence matter in crypto?

In traditional finance, due diligence processes rely heavily on official registries, physical addresses, and stable corporate structures. But in crypto, these things are much more fluid and quickly evolving. Entities may be registered in loosely regulated jurisdictions with limited government oversight and consumer protections. Or they may operate without a central office or leadership team (e.g. DAOs). And due to the pseudonymous nature of blockchains, the identities of the people or organizations behind wallet addresses aren’t immediately apparent.

This creates a unique set of challenges for compliance teams, investigators, regulators, and financial institutions. Without effective due diligence, organizations risk:

  • Onboarding or partnering with sanctioned or high-risk entities
  • Facilitating illicit activity like money laundering, terrorism financing, or ransomware
  • Reputational damage and enforcement actions
  • Regulatory noncompliance and audit failures

Conversely, robust entity due diligence allows for:

  • Confident onboarding of digital asset customers and partners
  • Risk-based segmentation and continuous monitoring proportional to an entity's risk profile
  • More efficient use of limited compliance resources
  • Compliance with AML, Know Your Customer (KYC), and sanctions regulations globally

For businesses operating in or offering digital assets, understanding who they’re interacting with — and how that entity behaves on-chain — is foundational to managing exposure and building trust.


What are the typical steps involved in entity due diligence?

Entity due diligence for crypto businesses combines traditional risk assessment techniques with blockchain-native intelligence. The goal is to answer key questions like:

  • Who owns and controls the entity?
  • What does the entity do and where does it operate?
  • Does the entity behave the way we would expect based on stated business models, customers, and jurisdictions?
  • Is the entity linked to illicit activity or high-risk jurisdictions?

Depending on jurisdiction and risk level, the process may include the following steps:

  1. Identity and ownership verification
  2. Business activity profiling
  3. Jurisdictional risk assessment
  4. On-chain behavioral analysis
  5. Sanctions screening
  6. Continuous monitoring and enhanced due diligence

1. Identity and ownership verification

The first step in entity due diligence is confirming the legal and ownership structure of the organization. In crypto, entities can obscure beneficial ownership behind offshore registrations or complex layers of shell companies. Accurate identity verification lays the groundwork for understanding who ultimately controls the entity and whether they present a sanctions or reputational risk. This step involves:

  • Collecting corporate formation documents
  • Background checks for C-suite and executive leadership
  • Verifying beneficial ownership and control structures
  • Screening for politically exposed persons (PEPs)
  • Identifying links to sanctioned individuals or entities

2. Business activity profiling

Once ownership is confirmed, the next step is to understand what the entity actually does. In the crypto space, many entities offer services that straddle regulatory boundaries — such as DeFi protocols with centralized governance, OTC desks operating as shadow banks, or platforms with undisclosed service offerings. Profiling business activity ensures alignment between claimed operations and observed behavior. This step involves:

  • Understanding the entity’s products, services, and business model
  • Reviewing public and private data sources (e.g. websites, regulatory filings)
  • Analyzing transaction volumes, counterparties, and wallet activity

3. Jurisdictional risk assessment

Where an entity is registered and operates can significantly affect its risk profile. Entities incorporated in high-risk or non-cooperative jurisdictions may be subject to limited oversight or AML requirements. Jurisdictional analysis helps determine if the entity is operating within a legal environment that supports AML compliance, enforcement, and information sharing. This step involves:

  • Mapping where the entity is incorporated and operates
  • Assessing exposure to high-risk or non-cooperative jurisdictions
  • Cross-referencing FATF lists and regional watchlists

4. On-chain behavioral analysis

Unlike traditional financial systems, crypto enables direct visibility into transactional behavior. This step involves evaluating the entity’s on-chain activity to detect patterns that suggest elevated risk — such as links to darknet markets or the presence of nested exchanges or parasite VASPs. Behavioral intelligence adds a crucial layer of insight that traditional KYC processes often miss. This step involves:

  • Tracing funds associated with the entity’s wallets
  • Identifying high-volume wallets that may be indicative of nested services
  • Monitoring for exposure to high-risk categories like sanctions, terrorist financing, and scams
  • Monitoring for exposure to categories like gambling services or OTC platforms that fall outside of normal and expected behavior

5. Sanctions screening

Screening an entity against global sanctions lists and watchlists helps ensure compliance with international law and prevents inadvertent exposure to restricted actors. In the crypto context, entities can have indirect or hidden connections to sanctioned networks, making it vital to continuously screen and monitor not only names, but also wallet behavior and affiliations. This step involves:

  • Screening against OFAC, UN, EU, and other global lists
  • Identifying direct and indirect links to sanctioned actors
  • Ongoing monitoring for changes in designation
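Steps 4 and 5 above (on-chain behavioural analysis and sanctions screening) in working form, as an added example that is not part of this page or of TRM's product. The attribution table, wallet labels and transfers are constructed for illustration; the walk over the counterparty graph records the fewest hops to each attributed category so that direct and indirect exposure (through an unattributed intermediary) can be told apart:

```python
from collections import defaultdict, deque

HIGH_RISK = {"sanctions", "darknet", "terrorist_financing", "scam"}  # categories the page calls high-risk
UNEXPECTED = {"gambling", "otc"}  # legitimate categories that fall outside most stated business models
# Constructed attribution table (wallet -> category): no real addresses or designations
ATTRIBUTION = {"wallet_sanctioned": "sanctions", "wallet_darknet": "darknet",
               "wallet_casino": "gambling", "wallet_exchange": "exchange"}

# Constructed transfers as (sender, receiver); "mid_hop" is an unattributed intermediary wallet
TRANSFERS = [
    ("entity_a_1", "wallet_exchange"),
    ("wallet_sanctioned", "mid_hop"),
    ("mid_hop", "entity_a_1"),        # entity A receives sanctioned funds through one intermediary
    ("entity_a_2", "wallet_casino"),  # entity A's second wallet pays a gambling service
    ("wallet_darknet", "entity_b_1"), # entity B receives directly from a darknet market
]

def build_graph(transfers):
    """Undirected counterparty graph: exposure counts whether funds flow in or out."""
    graph = defaultdict(set)
    for sender, receiver in transfers:
        graph[sender].add(receiver)
        graph[receiver].add(sender)
    return graph

def exposure(entity_wallets, graph, attribution, max_hops=2):
    """Breadth-first walk from the entity's wallets; returns {category: fewest hops}."""
    seen, hops_by_category = set(entity_wallets), {}
    queue = deque((w, 0) for w in entity_wallets)
    while queue:
        wallet, hops = queue.popleft()
        if hops == max_hops:
            continue
        for neighbour in graph[wallet] - seen:
            seen.add(neighbour)
            category = attribution.get(neighbour)
            if category is None:                     # unattributed wallet: keep walking
                queue.append((neighbour, hops + 1))
            elif category not in hops_by_category:   # attributed wallet: record and stop here
                hops_by_category[category] = hops + 1  # BFS reaches the nearest hop count first
    return hops_by_category

def screen(entity_wallets, transfers=TRANSFERS, attribution=ATTRIBUTION, max_hops=2):
    # Translate exposure into the red flags a reviewer records in the entity file
    flags = []
    exp = exposure(entity_wallets, build_graph(transfers), attribution, max_hops)
    for category, hops in sorted(exp.items()):
        if category in HIGH_RISK:
            flags.append(f"{category}:direct" if hops == 1 else f"{category}:indirect({hops} hops)")
        elif category in UNEXPECTED:
            flags.append(f"{category}:unexpected")
    return flags
```

In this constructed data `screen(["entity_a_1", "entity_a_2"])` reports indirect sanctions exposure two hops away plus gambling activity, while `screen(["entity_b_1"])` reports direct darknet exposure; lowering `max_hops` to 1 hides the intermediary-routed sanctions link, which is why the hop limit is itself a risk-appetite decision.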

6. Continuous monitoring and enhanced due diligence

Entity due diligence should not be a one-time task. Ongoing monitoring is essential to capture shifts in ownership, behavior, or risk exposure. This step involves:

  • Conducting regular enhanced due diligence based on risk segmentation
  • Proactively detecting changes to an entity's risk score and changes to high-risk exposure


What are common abuse patterns and red flags to look out for when conducting entity due diligence?

Illicit actors often create or exploit legal entities to facilitate crypto-enabled crime. These entities provide a veil of legitimacy while masking the identities and financial flows of those behind them. Below are common abuse patterns compliance teams should be trained to recognize and assess.

Common abuse patterns

Shell companies

These are entities with no actual business operations, created solely to open accounts or move funds. In crypto, shell companies are often linked to laundering schemes where they serve as placeholders for illicit wallet flows, helping criminals disguise the origin and purpose of funds.

Parasite virtual asset service providers (VASPs)

These are unregistered crypto service providers that operate by leveraging the infrastructure of larger, compliant exchanges — sometimes without the knowledge of the parent exchange or service. They typically interact with high-risk customers — forgoing KYC checks — and route their transactions through otherwise compliant platforms, creating hidden risk exposure.

Offshore entities

Entities registered in permissive jurisdictions can exploit weak AML enforcement to operate with minimal transparency. These jurisdictions may lack information-sharing agreements or beneficial ownership registries, making them appealing to illicit actors.

Layering structures

Criminal networks may establish multiple interconnected entities — sometimes across jurisdictions — to create complexity and obscure financial trails. In crypto, these structures can make it difficult to directly connect illicit activity and can artificially lower the risk exposure of the entity you're onboarding or partnering with.

Key red flags

Lack of beneficial ownership disclosure

When an entity is unwilling or unable to provide information about its ultimate owners, this may indicate an attempt to conceal illicit interests or evade sanctions. It should trigger enhanced scrutiny and, in many cases, rejection.

Repeated interaction with high-risk services

An entity’s frequent contact with gambling sites, darknet markets, or other high-risk destinations is a strong behavioral signal of potential money laundering or obfuscation activity.

Use of forged or unverifiable documents

Inaccurate, inconsistent, or clearly manipulated documents can signal a fraudulent application. This red flag may point to identity obfuscation, impersonation of legitimate businesses, or setup of shell entities.

Rapid formation or dissolution of related entities

Entities that are incorporated and shut down within short timeframes — or those that frequently change name, location, or structure — may be attempting to avoid detection or regulatory oversight. These patterns often indicate synthetic identities or illicit use of "burner" companies.

On-chain activity inconsistent with stated business purpose

When a declared "blockchain development firm" or "consulting service" is seen receiving and distributing large sums of crypto across unregulated exchanges or mixers, it could suggest the stated business is a front. Discrepancies between real behavior and claimed purpose should always be explored further.

Compliance teams should treat these red flags not as automatic indicators of wrongdoing, but as risk signals requiring deeper investigation and contextual analysis. The presence of one or more should inform a more rigorous due diligence and monitoring posture.


What is the role of blockchain intelligence in entity due diligence?

Traditional due diligence relies on static documents and self-reported information. But crypto requires a dynamic approach. Blockchain intelligence enables compliance teams to move from a "snapshot-in-time" view of risk to a continuous, behavior-based model of risk assessment. It brings transparency to wallet activity, reveals hidden connections between entities, and enables proactive mitigation of exposure to illicit actors.

1. Linking wallets to entities

TRM's ground-truth intelligence and heuristics attribute related wallets to an entity. This is critical when entities attempt to fragment activity across multiple wallets to avoid detection.

  • Clustering heuristics identify wallets controlled by the same organization or individual
  • Attribution links wallets to known businesses, sanctioned entities, darknet markets, or fraud schemes
  • TRM provides entity profiles based on on-chain data, public sources, and proprietary intelligence

2. Risk scoring

TRM scores every entity based on its on-chain risk exposure and a customer-defined risk engine tailored to the organization's risk tolerance.

  • Surfaces easy-to-understand risk scores for every entity
  • Helps compliance teams prioritize deeper due diligence reviews and build initial risk profiles
  • Customizable risk engine enables institutions to align risk scoring within TRM with internal frameworks

3. Network analysis

TRM enables analysts and investigators to map entire networks of entities and wallets, uncovering indirect risk and behavioral patterns that may otherwise go unnoticed.

  • Interactive visualizations to trace transactions across chains
  • Enables discovery of nested services, intermediaries, or obfuscation tactics
  • Supports seamless investigations between addresses and entities
  • Enables collaboration across teams and between public and private sector

4. Ongoing monitoring

Risk is never static. TRM provides real-time monitoring and alerting for behavioral changes, sanctions updates, or new illicit associations.

  • Identifies quickly when an entity's risk score has changed and why
  • Monitors for exposure to newly sanctioned wallets or services
  • Helps compliance teams meet regulatory requirements for ongoing due diligence
