The Rabbit Hole — Fact Sheet

01 What It Is

The Rabbit Hole is a counterparty intelligence and due diligence platform purpose-built for the crypto ecosystem. It provides institutional-grade risk scoring, compliance signals, regulatory licence verification, and enforcement history for crypto entities — giving compliance teams the data they need to make informed counterparty decisions.

Where legacy screening tools like WorldCheck bolt crypto coverage onto a TradFi framework, The Rabbit Hole is built from the ground up to reflect how risk actually manifests in digital assets: opaque ownership structures, jurisdictional arbitrage, unlicensed operations, commingled funds, and rapidly shifting regulatory landscapes.

> "If WorldCheck tells you who someone is, The Rabbit Hole tells you whether you should be doing business with their exchange."

02 Who It's For

Compliance teams

Crypto exchanges, custodians, and financial institutions conducting counterparty due diligence on crypto entities.

Risk officers

Assessing exposure to exchanges, DeFi protocols, custodians, and payment providers before establishing relationships.

MLROs & AML analysts

Needing structured, evidence-backed data on whether a counterparty meets regulatory expectations.

Banks & payment processors

Onboarding or monitoring crypto-native clients with a crypto-specific risk lens.

Underwriters

Evaluating crypto-native businesses for insurance, lending, or investment exposure.

Auditors & consultants

Conducting independent assessments of crypto service provider risk profiles.

03 Platform Coverage

Entities are categorised and scored across the following sectors:

Exchange Custody DeFi DEX Capital Markets Financial Services Payments NFT Marketplace Gambling High Risk Entities

Each entity profile includes its operating jurisdiction, corporate structure, year established, active/inactive status, and a comprehensive risk assessment built from 20 individually scored compliance criteria.

04 Risk Scoring

Every entity receives a composite risk score derived from 20 compliance-focused criteria, each scored independently on a 0–1 scale.

Penalty points are deducted for regulatory enforcement actions, sanctions, fraud convictions, and customer fund losses — meaning two entities with identical compliance programmes will score differently if one has a history of enforcement action. The result maps to four risk labels:

Low ≥75 Medium ≥50 High ≥25 Critical <25

Scores are not static. Entities are monitored and rescored as new regulatory data, enforcement actions, or structural changes emerge.

05 20 Scoring Criteria

Each criterion is individually scored with evidence and source attribution. The full set covers:

AML Policy

KYC Policy

Compliance Officer

Transaction Monitoring

Travel Rule Compliance

Privacy Coin Support

P2P Trading Services

Gambling / Wagering

Sanctioned Jurisdictions

FATF Grey List Exposure

Regulatory Licences

Regulatory Breadth

Highest Regulatory Approval

OFAC SDN Checks

Insurance Coverage (coming soon)

Audit History

Corporate Transparency

High-Risk Entity Screening

Incident History

Operational Track Record

06 Compliance Signals

Beyond the raw score, each entity profile surfaces 10 key compliance signals — binary or graded indicators that give compliance teams immediate, actionable answers to the questions that matter most:

Does this entity have an AML policy — and is it comprehensive?
Does this entity enforce KYC — and to what standard?
Is there a named compliance officer?
Is transaction monitoring integrated — and how?
Is the entity Travel Rule compliant?
Does the entity support P2P trading, privacy coins, or gambling services?
Does the entity operate in a sanctioned or FATF grey-listed jurisdiction?

Each signal is backed by evidence text and source URLs — no black-box outputs. Compliance teams can trace every signal to its underlying data.

07 Regulatory Data

The Rabbit Hole maintains structured regulatory licence records per entity, covering:

Jurisdiction and regulator — which body issued the licence
Licence type, number, and holder — the specific authorisation and the legal entity it was granted to
Verification status — whether the licence has been verified against the regulator's public register
Basel AML Index scores — per-jurisdiction AML risk rating from the Basel Institute

We source directly from 13 regulatory registers worldwide — and extend coverage beyond these through targeted screening of additional jurisdictions and licensing bodies.

Data sourced from

🇬🇧

FCA

United Kingdom

🇺🇸

FinCEN

United States

🇺🇸

NYDFS

United States

🇨🇦

FINTRAC

Canada

🇻🇬

FSC

British Virgin Islands

🇰🇾

CIMA

Cayman Islands

🇸🇬

MAS

Singapore

🇭🇰

SFC

Hong Kong

🇪🇺

ESMA

European Union

🇯🇵

FSA

Japan

🇦🇪

VARA

UAE — Dubai

🇦🇪

FSRA

UAE — Abu Dhabi

🇨🇼

CGA

Curaçao

All registers are synchronised via automated pipelines with fuzzy-match routing — uncertain matches are flagged to a human review queue rather than auto-confirmed.

08 Enforcement & Penalties

Active enforcement actions are tracked per entity, including:

Penalty type, issuing authority, and date
Fine amounts and penalty point deductions from the composite score
Whether customer funds were impacted and estimated amounts lost
Evidence summaries and source documentation

Enforcement data is sourced from the DOJ, SEC, FCA, FATF, and other regulatory bodies. Penalty points directly reduce an entity's composite risk score — ensuring that past misconduct is permanently factored into the risk assessment, not buried behind improving compliance metrics.

09 Real-Time Alerts

Users can subscribe to alerts on any entity. When new enforcement actions, regulatory changes, or incidents are detected and approved, subscribers receive email notifications with a summary of the change. Alerts are available across all subscription tiers.

10 Integrity News

The Rabbit Hole includes a live integrity news feed — a continuously updated monitor tracking enforcement actions, security breaches, sanctions, and regulatory events across all tracked entities.

Each event is classified by type and severity:

Enforcement — regulatory fines, licence revocations, cease-and-desist orders
Security Breach — hacks, exploits, and fund losses with estimated values
Sanctions — OFAC designations, asset freezes, and sanctioned-entity interactions
Regulatory — new licence grants, licence suspensions, and regulatory status changes

Events include the affected entity, headline summary, date, estimated financial impact, source attribution, and a direct link to the original source. A scrolling ticker surfaces the most recent events across all categories, and filter controls allow compliance teams to isolate specific event types.

The feed is updated automatically and serves as a passive monitoring layer — ensuring compliance teams are aware of material developments across the crypto ecosystem without manual research.

11 API Access

The Rabbit Hole exposes a RESTful API for programmatic counterparty screening and entity lookup. API endpoints include:

/v1/search — query entities by name, type, status, or risk label
/v1/entity/{id} — retrieve the full risk profile, scoring detail, compliance signals, licence records, and penalty history for a single entity

The API returns the same depth of data available on the web platform — composite scores, all 20 criteria with evidence, regulatory licences, enforcement history, and compliance signals — enabling direct integration into internal compliance workflows, onboarding pipelines, and risk management systems.

12 Why Not WorldCheck?

Legacy screening tools were designed for traditional finance. They screen individuals against sanctions and PEP lists. The Rabbit Hole screens crypto entities against the compliance criteria that actually determine counterparty risk in digital assets.

Capability	The Rabbit Hole	WorldCheck / Legacy
Crypto-native entity coverage	Purpose-built	Bolted on
20-criteria compliance scoring	Yes	No
AML / KYC / Travel Rule signals	Per entity	Not assessed
Regulatory licence verification	Multi-jurisdiction	Limited
Enforcement action tracking	With penalty scoring	Alerts only
Risk scoring with evidence	Transparent	Black box
DeFi / DEX / NFT coverage	Yes	No
API for workflow integration	RESTful	Yes

13 Company

The Rabbit Hole is operated by Hoptrail Limited, a crypto wealth analytics company servicing regulated institutions globally. Hoptrail is registered in England and Wales (Company No. 13691065).

ISO 27001 Certified — Information Security Management

For enquiries: info@hoptrail.io