CASP Compliance Guide
How to use CryptaChain API to meet MiCA compliance requirements for Crypto-Asset Service Providers.
MiCA Article 38: Obligations
Under MiCA, CASPs must:
- Screen all deposit addresses before processing incoming transfers
- Monitor ongoing transactions for sanctions violations
- Implement Travel Rule data exchange for transfers above EUR 1,000
- Maintain records of all screening decisions and risk assessments
CryptaChain helps with requirements 1-3 via the screening and wallet APIs.
Recommended implementation
Step 1: Screen every deposit address
Before crediting a customer deposit, screen the sending address:
typescript
async function screenDeposit(address: string, chain: string) {
const res = await fetch('https://api.cryptachain.com/v1/screen/address', {
method: 'POST',
headers: {
'X-API-Key': process.env.CRYPTACHAIN_API_KEY!,
'Content-Type': 'application/json',
},
body: JSON.stringify({ address, chain, mode: 'fast' }),
});
const screening = await res.json();
if (screening.sanctions_match) {
// BLOCK: Do not process. Alert compliance team.
await alertCompliance('SANCTIONS_HIT', screening);
return { action: 'BLOCK', reason: 'sanctions_match' };
}
if (screening.risk_score >= 70) {
// HOLD: Queue for manual review
await queueForReview(screening);
return { action: 'HOLD', reason: 'high_risk_score' };
}
// ALLOW: Proceed with deposit
return { action: 'ALLOW', risk_score: screening.risk_score };
}Step 2: Configure continuous monitoring
Set up a webhook to receive real-time notifications:
- Register your webhook URL in the developer dashboard
- Handle
SANCTIONS_LIST_UPDATEDevents to re-screen known addresses - Handle
HEURISTICS_COMPLETEevents for full-mode screening results
Step 3: Record keeping
Store all screening results for regulatory audit:
typescript
// After every screening call
await db.screeningLog.create({
address: screening.address,
chain: screening.chain,
risk_score: screening.risk_score,
sanctions_match: screening.sanctions_match,
flags: screening.flags,
decision: action, // ALLOW, HOLD, BLOCK
screened_at: screening.screened_at,
api_response: JSON.stringify(screening), // Full response for audit
});Step 4: Periodic re-screening
Re-screen all known customer addresses when sanctions lists are updated:
typescript
// Webhook handler
if (event.type === 'SANCTIONS_LIST_UPDATED') {
const customerAddresses = await db.customers.findAll({ select: ['addresses'] });
for (const addr of customerAddresses) {
await screenDeposit(addr.address, addr.chain);
}
}Compliance checklist
- [ ] All incoming deposit addresses screened before processing
- [ ] Sanctions hits block the transaction and alert compliance
- [ ] High risk scores (>70) queue for manual review
- [ ] Screening results stored with full API response for audit
- [ ] Webhook configured for
SANCTIONS_LIST_UPDATEDevents - [ ] Customer addresses re-screened on sanctions list updates
- [ ] Travel Rule data collected for transfers > EUR 1,000