The Rabbit Hole

The Rabbit Hole is a counterparty intelligence and due diligence platform purpose-built for the crypto ecosystem. It provides institutional-grade risk scoring, compliance signals, regulatory licence verification, and enforcement history for crypto entities — giving compliance teams the data they need to make informed counterparty decisions.

Where legacy screening tools like WorldCheck bolt crypto coverage onto a TradFi framework, The Rabbit Hole is built from the ground up to reflect how risk actually manifests in digital assets: opaque ownership structures, jurisdictional arbitrage, unlicensed operations, commingled funds, and rapidly shifting regulatory landscapes.

• Compliance teams at crypto exchanges, custodians, and financial institutions conducting counterparty due diligence on crypto entities
• Risk officers assessing exposure to exchanges, DeFi protocols, custodians, and payment providers before establishing business relationships
• MLROs and AML analysts needing structured, evidence-backed data on whether a counterparty meets regulatory expectations
• Banks and payment processors onboarding or monitoring crypto-native clients and needing a crypto-specific risk lens
• Underwriters evaluating crypto-native businesses for insurance, lending, or investment exposure — using structured risk data to inform coverage and terms
• Auditors and consultants conducting independent assessments of crypto service provider risk profiles

Entities are categorised and scored across the following sectors:

Each entity profile includes its operating jurisdiction, corporate structure, year established, active/inactive status, and a comprehensive risk assessment built from 20 individually scored compliance criteria.

Every entity receives a composite risk score derived from 20 compliance-focused criteria, each scored independently on a 0–1 scale.

Penalty points are deducted for regulatory enforcement actions, sanctions, fraud convictions, and customer fund losses — meaning two entities with identical compliance programmes will score differently if one has a history of enforcement action. The result maps to four risk labels:

Scores are not static. Entities are monitored and rescored as new regulatory data, enforcement actions, or structural changes emerge.

Each criterion is individually scored with evidence and source attribution. The full set covers:

Beyond the raw score, each entity profile surfaces 10 key compliance signals — binary or graded indicators that give compliance teams immediate, actionable answers to the questions that matter most:

• Does this entity have an AML policy — and is it comprehensive?
• Does this entity enforce KYC — and to what standard?
• Is there a named compliance officer?
• Is transaction monitoring integrated — and how?
• Is the entity Travel Rule compliant?
• Does the entity support P2P trading, privacy coins, or gambling services?
• Does the entity operate in a sanctioned or FATF grey-listed jurisdiction?

Each signal is backed by evidence text and source URLs — no black-box outputs. Compliance teams can trace every signal to its underlying data.

The Rabbit Hole maintains structured regulatory licence records per entity, covering:

• Jurisdiction and regulator — which body issued the licence
• Licence type, number, and holder — the specific authorisation and the legal entity it was granted to
• Verification status — whether the licence has been verified against the regulator's public register
• Basel AML Index scores — per-jurisdiction AML risk rating from the Basel Institute

Regulatory data is sourced from national registers including the MAS (Singapore), FSA (Japan), ESMA/MiCAR (EU), FINMA (Switzerland), FCA (UK), and others — synchronised via automated pipelines with fuzzy-match routing for uncertain matches to a human review queue.

Active enforcement actions are tracked per entity, including:

• Penalty type, issuing authority, and date
• Fine amounts and penalty point deductions from the composite score
• Whether customer funds were impacted and estimated amounts lost
• Evidence summaries and source documentation

Enforcement data is sourced from the DOJ, SEC, FCA, FATF, and other regulatory bodies. Penalty points directly reduce an entity's composite risk score — ensuring that past misconduct is permanently factored into the risk assessment, not buried behind improving compliance metrics.

Users can subscribe to alerts on any entity. When new enforcement actions, regulatory changes, or incidents are detected and approved, subscribers receive email notifications with a summary of the change. Alerts are available across all subscription tiers.

The Rabbit Hole exposes a RESTful API for programmatic counterparty screening and entity lookup. API endpoints include:

• /v1/search — query entities by name, type, status, or risk label
• /v1/entity/{id} — retrieve the full risk profile, scoring detail, compliance signals, licence records, and penalty history for a single entity

The API returns the same depth of data available on the web platform — composite scores, all 20 criteria with evidence, regulatory licences, enforcement history, and compliance signals — enabling direct integration into internal compliance workflows, onboarding pipelines, and risk management systems.

Legacy screening tools were designed for traditional finance. They screen individuals against sanctions and PEP lists. The Rabbit Hole screens crypto entities against the compliance criteria that actually determine counterparty risk in digital assets.

The Rabbit Hole is operated by Hoptrail Limited, a crypto wealth analytics company servicing regulated institutions globally. Hoptrail is registered in England and Wales (Company No. 13691065).

ISO 27001 Certified — Information Security Management

For enquiries: info@hoptrail.io