Skip to content

CASP Compliance Guide

How to use CryptaChain API to meet MiCA compliance requirements for Crypto-Asset Service Providers.

MiCA Article 38: Obligations

Under MiCA, CASPs must:

  1. Screen all deposit addresses before processing incoming transfers
  2. Monitor ongoing transactions for sanctions violations
  3. Implement Travel Rule data exchange for transfers above EUR 1,000
  4. Maintain records of all screening decisions and risk assessments

CryptaChain helps with requirements 1-3 via the screening and wallet APIs.

Step 1: Screen every deposit address

Before crediting a customer deposit, screen the sending address:

typescript
async function screenDeposit(address: string, chain: string) {
  const res = await fetch('https://api.cryptachain.com/v1/screen/address', {
    method: 'POST',
    headers: {
      'X-API-Key': process.env.CRYPTACHAIN_API_KEY!,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ address, chain, mode: 'fast' }),
  });

  const screening = await res.json();

  if (screening.sanctions_match) {
    // BLOCK: Do not process. Alert compliance team.
    await alertCompliance('SANCTIONS_HIT', screening);
    return { action: 'BLOCK', reason: 'sanctions_match' };
  }

  if (screening.risk_score >= 70) {
    // HOLD: Queue for manual review
    await queueForReview(screening);
    return { action: 'HOLD', reason: 'high_risk_score' };
  }

  // ALLOW: Proceed with deposit
  return { action: 'ALLOW', risk_score: screening.risk_score };
}

Step 2: Configure continuous monitoring

Set up a webhook to receive real-time notifications:

  1. Register your webhook URL in the developer dashboard
  2. Handle SANCTIONS_LIST_UPDATED events to re-screen known addresses
  3. Handle HEURISTICS_COMPLETE events for full-mode screening results

Step 3: Record keeping

Store all screening results for regulatory audit:

typescript
// After every screening call
await db.screeningLog.create({
  address: screening.address,
  chain: screening.chain,
  risk_score: screening.risk_score,
  sanctions_match: screening.sanctions_match,
  flags: screening.flags,
  decision: action, // ALLOW, HOLD, BLOCK
  screened_at: screening.screened_at,
  api_response: JSON.stringify(screening), // Full response for audit
});

Step 4: Periodic re-screening

Re-screen all known customer addresses when sanctions lists are updated:

typescript
// Webhook handler
if (event.type === 'SANCTIONS_LIST_UPDATED') {
  const customerAddresses = await db.customers.findAll({ select: ['addresses'] });
  for (const addr of customerAddresses) {
    await screenDeposit(addr.address, addr.chain);
  }
}

Compliance checklist

  • [ ] All incoming deposit addresses screened before processing
  • [ ] Sanctions hits block the transaction and alert compliance
  • [ ] High risk scores (>70) queue for manual review
  • [ ] Screening results stored with full API response for audit
  • [ ] Webhook configured for SANCTIONS_LIST_UPDATED events
  • [ ] Customer addresses re-screened on sanctions list updates
  • [ ] Travel Rule data collected for transfers > EUR 1,000

CryptaChain API — built by CryptaCount Luxembourg S.a r.l.