Introduction
Address Screening lets you check the risk of an address on an ad-hoc, on-demand basis, outside the automatic transfer flows (KYT/KYW). It is useful when the instance needs to assess an individual address — for example, when registering a counterparty, validating a withdrawal address, or running a manual compliance review — without originating a transaction.
The feature is API-only and is currently available only with Chainalysis.
Prerequisites
To use Address Screening, the instance must meet all of the conditions below:
- Have Chainalysis connected under Compliance > Providers, with valid credentials.
- Have the Address Screening product contracted with Chainalysis (it is a separate product from KYT).
- Have AML Screening active, with Chainalysis selected as the provider.
If any of the conditions above is not met, the request is rejected.
How it works
When you screen an address, the Platform uses the provider connected in AML Screening and the configured Risk Profile to interpret the provider’s response and return an assessment of that address. The result is returned already normalized into the Platform’s standard format — the same one used in the trasnfer flows — so there is no need to parse the provider’s raw response.
Based on the configured Risk Profile, the address is classified as:
- risk equal to or greater than the configured level → RISKY;
- risk below the configured level → NOT_RISKY;
- a failure in the request → ERROR;
- no response within the configured waiting time → TIME_OUT.
Provider-specific considerations
How the address risk is calculated depends on the provider used. The specifics of each provider are described below.
Chainalysis
Chainalysis evaluates Address Screening based on an aggregated risk field of the address (risk), with the values Low, Medium, High, and Severe. The AML engine applies the Risk Profile settings directly to this aggregated value.
This criterion is different from the one used in the automatic flows (KYT/KYW), which evaluate direct-exposure alerts by severity level.
Request parameters
Input:
- Address (required) — the address to be assessed.
- Memo / Tag (optional) — additional identifier for networks that use memo/tag.
There is no need to provide the network: Chainalysis identifies the network from the address itself.
Response (main fields):
- Screening ID — unique identifier of the assessment in the Platform.
- Provider — provider used in the assessment (e.g., Chainalysis).
- Provider Connection ID — identifier of the provider connection used.
- AML Check — standardized risk result:
NOT_RISKY,RISKY,ERROR, orTIME_OUT. - Provider Screening ID — identifier returned by the provider, when applicable.
- Timestamp (UTC) — date and time of the assessment.
- Raw Data — raw provider response.
Visibility and reports
Every Address Screening request is recorded in the AML Screening Report (Reports > AML Screening), just like the automatic assessments, with the following differences:
- Screening Type =
MANUAL(distinguishing it from theAUTOMATICassessments triggered by the engine). - Screened Subject =
ADDRESS. - Address = the address that was screened.
- Network = empty (not applicable).
ERROR and TIME_OUT results are also recorded. Each request generates an audit trail capturing who ran it, when, and the address and result.
Frequently Asked Questions (FAQ)
Is Address Screening available in the Platform interface?
No. The feature is API-only.
Which providers are supported in Address Screening?
Currently, only Chainalysis.
Where can I see the history of standalone screenings?
In the AML Screening Report, in the reports section, filtering by
Screening Type = MANUAL.
What happens if Chainalysis does not respond?
If there is a failure, the result is ERROR; if there is no response within the configured waiting time, the result is TIME_OUT. In both cases, the query is recorded in the report.