Compliance Flow with CRYMBO

CRYMBO Oracle is purpose-built to help VASPs and DeFi protocols meet international compliance standards, especially the FATF Travel Rule. This section explains how identity requests, data handling, and verification comply with KYC/AML guidelines.

Regulatory Frameworks Supported

FATF Travel Rule (Recommendation 16)
MiCA (Markets in Crypto-Assets Regulation)
Local KYC/AML rules per jurisdiction

Flow Summary

The compliance process unfolds in four main stages:

1. Verified VASP Participation

Every participant must pass KYB checks
Only onboarded entities can send or receive PII

2. On-Chain Request Trigger

Transaction-based identity requests are made via smart contract
The oracle logs the event and ensures authorization

3. Secure PII Transfer

Identity data is encrypted using the receiver’s public key
CRYMBO routes it securely via a PIIRequested event or Push API

4. Audit & Replay Protection

Each request is timestamped
Nonce values prevent replay attacks
Off-chain logs can be accessed by regulators (when authorized)

Principles Followed

Data Minimization: Only required identity elements are exchanged
Encryption: PII is always encrypted end-to-end
No On-Chain PII: Only event signals and hashes go on-chain
Access Control: VASPs are authenticated via CRYMBO credentials

Regulator Access (Optional)

Authorized regulators can:

View metadata of compliant transactions
Access encrypted logs when granted by involved VASPs
Verify VASP onboarding and KYB history

✅ This flow ensures that every identity exchange via CRYMBO Oracle is secure, auditable, and Travel Rule-compliant.

Regulatory Frameworks Supported​

Flow Summary​

1. Verified VASP Participation​

2. On-Chain Request Trigger​

3. Secure PII Transfer​

4. Audit & Replay Protection​

Principles Followed​

Regulator Access (Optional)​