Third-Party Integrations: How They Play Into Crypto Risk & Compliance Data Infrastructure

Decisions come from conviction — be it in the legal world, the world of sports, or technology. 

‍

Conviction, in turn, is based on data that is aggregated through experience, intuition, logic, a well-established playbook, or, explicit data gathering efforts such as surveys, interviews, and events.

‍

In the world of risk and compliance, the ability to drive robust and cohesive risk investigations is centered around gathering as much data about the situation in question as possible. A “situation” in this instance may be a transaction, a login, an account creation process, or even a smartphone being unlocked (in today’s world of device intelligence).

‍

In that way, every action is a data generator that can be used to sway a decision in one way or another. This is the power that data brings.

‍

But, without the proper system for capturing and analyzing these bits and pieces of information (or the understanding of how to wield these data points to influence decision-making), “data” alone is useless.

‍

Here, we’ll talk about the importance of data infrastructure in cryptocurrency compliance and how third-party integrations can play an integral role in shaping risk decisions within infrastructure platforms.

‍

‍

Why Data Infrastructure Matters

“A data platform combines data from various datasets and acts as a centralized hub where it can be harnessed for analysis and integrations.”

‍

The above is an excerpt from Are Morch’s quotes on data platforms.

‍

As noted, risk and compliance platforms heavily rely on data, including:

• User data. 
• Behavioral and transactional data from their clients. 
• Third-party signal data from their partners. 
• Behavioral and device data through native financial or crypto applications.

‍

Specific to crypto, this information could also include:

• Transactional hashes and blockchain metadata.
• Wallet addresses and metadata.

‍

That being said, no single data provider can cater to all of their clients’ end users' data requirements at scale. Period. 

‍

Integration platform Pandium recently published a report on the thousand fastest growing SaaS companies and noticed one thing in common between them all:

‍

A large amount of third-party data is integrated into their core systems, with an average of 98 product integrations across all these companies.

‍

At the end of the day, deep specialization in one product area takes a lot of focus and engineering time, and that is where third-party data integrations are paramount. 

‍

But getting all of that third-party data situated in one accessible environment is another complexity in the process.

‍

‍

The Universal Integration Conundrum

While the idea of ingesting and managing as much decision-enriching data is extremely attractive, there are many hurdles to overcome.

‍

Typically, business stakeholders — both on the client’s side and the service provider’s side — love talking about integrations.

‍

‍

….And it makes sense.

‍

By nature, they bring various opportunities, such as:

‍

• Joint selling motions with tech partners
• Referral or reseller agreements
• Increased engagement and product stickiness
• Targeted marketing opportunities via case studies and brand association (SEO)

‍

But talk to technical stakeholders, and the story changes a bit.

‍

In software, the answer to the question “Can you build this?” is usually “Yes, with the right time and resources.” 

‍

But it is usually followed by a question: Who will maintain this integration?

‍

Most of the time, this dilemma can be traced back to some or all of the following reasons:

‍

• Uptime dependencies on third-party data sources (i.e., if a vendor is experiencing downtime, the R&C infrastructure tied to the vendor in question also goes down.)
• Increased service latency, usually proportional to being performant (requiring ‘wait times’ for request and response processing on third-party systems.)
• The constant need to update the internal codebase to match the changes on the vendor's side, such as version upgrades.
• Difficulty debugging bugs and issues that periodically occur.

‍

‍

Bringing the Data to the Customer

Crypto companies must decide when to introduce third-party data partners into their core platform in building data infrastructure. The nature of the data handoff between systems can vary quite a bit. 

‍

Below are three ways that data integrations typically work. 

‍

‍

1. In-Product Data Integrations 

Think about the last time you allowed Coinbase or Venmo to make money transfers on your account. It’s quite likely that you used Plaid to link your bank account, through an ‘in-product’ integration, which allowed you to provide your banking credentials to authorize them. 

‍

Such integrations are generally “data out” integrations, where an app or service pushes data to a third-party vendor or partner to bundle their respective offerings. 

‍

Management of the API calls, user experience, and service performance and latency usually lies with the native product.

‍

‍

‍

2. Data Ingestion Integrations 

Equally as popular as in-product integrations, these require a service provider to ingest data either via API or another reliable method, with the caveat that they require to conform to their partners’ schemas, and controlling the entire user experience may be difficult. 

‍

However, latency issues and downtime can be proactively managed from the service providers’ perspective, ensuring their users are not left disengaged. An example here would be the ‘industry news’ feed on the top right of your LinkedIn profile, that at times appears disjointed and laggy compared to the smooth experience of the core product.

‍

‍

3. Complementary Integrations 

Complementary integrations are a marriage of convenience, both for the partners in question, as well as consumers of the resultant bundled offerings. The integration between your MS Outlook/Gmail instance with Salesforce to help track lead engagement is a great example. Both products can be used independently to accomplish the task, but a simple integration enriches the whole user experience.

‍

‍

How to Empower New-Age Crypto Companies Using Third-Party Integrations

To enable a workflow with sticky user experiences, product teams at infrastructure companies must balance quantity, quality, and reputation (which in turn brings popularity) of third-party data sources. It's not a question of whether you should adopt a solution, but instead a question of when the best time is.

‍

That is why integrations within these services must be their own product area, and effectively live as a ‘first class’ citizen within the technology stack. AI and machine learning will modernize fraud and AML solutions, streamlining improvements and automating repetitive tasks.

‍

Additionally, no singular type among the non-exhaustive list above is sufficient as a holistic, scalable strategy. Most providers (both in crypto and otherwise) end up with a mix of one or more types of integrations that best suit their target use cases, based on factors such as

‍

• Opportunity to unlock new use cases and expand accounts / onboard new customers
• Go to market motions (for instance, what is the “better together” story, and how do we tell this to our joint customers?)
• Industry trends - Case in point, crypto compliance has been a hotly debated topic over the last 2 years.
• Ease of software development and maintenance.

‍

‍

The Tenets of a Risk and Compliance Infrastructure Platform

Building a risk and compliance platform requires heavy resource investment into a core feature set, and low to moderate investments in secondary, auxiliary, and sometimes peripheral features. 

‍

Peripheral features are often a result of early attempts to scale a product or service, in the immortal words of Paul Graham, “Do things that don’t scale. Then, scale them!”

‍

The tenets of a robust risk and compliance platform could involve some or all of the following

1. Core competency: This is the platform's USP (Unique selling point), typically the product that helps accomplish Product Market Fit (PMF). In the Risk and Compliance world, this could be Data Monitoring, Case Management, Device Intelligence, Identity Verification, etc, to name a few.

‍

2. Product extensions: These would be a set of features that enhance the value of the core offering, thereby making the overall platform stickier i.e., deeply embedded into the customers’ workflows, making it harder for customers to switch to other offerings. Some bundled features go hand-in-hand: Sanctions screening with KYC, Case Management with KYC and Transaction monitoring, etc. 

‍

3. Customer-driven features: These refer to a feature or product area that is influenced by the market in which the core product has found a fit. Third-party data integrations usually fall into this category. The customer problem statements that govern these features usually look like this.

“I wish I could see the data from the blockchain using a single click in the platform”
“I want to build aggregated reports using a unified tool”
“I want to see a snapshot of data about the performance of my crypto compliance program”

‍

4. Support and enablement: Support and enablement for customers are critical factors in account growth, customer satisfaction, and engagement over the full lifecycle. Committing and complying with SLAs, gathering structured and periodic feedback, obtaining data around emergent regulatory frameworks, and education and training pipelines for feature awareness is an often neglected area within the development of an infrastructure platform.

All in all, the goal of a Risk and Compliance infrastructure platform should be to provide a ‘Whole Product’ experience to the customer, thereby solving multiple use cases, and enabling organic account growth and a mutually beneficial customer experience. 

‍

‍

‍

How Unit21 Enables Crypto Compliance Teams

Unit21 is dedicated to helping our customers unlock new avenues in crypto and Web3. As the crypto space grows into more and more applications and towards mainstream adoption, Regtech in crypto has become a major focus area. 

Unit21 is integrated with Chainalysis KYT (Know-Your-Transaction) to combine their industry-renowned blockchain intelligence with a comprehensive snapshot of all account opening, transactional and ongoing activity on Unit21. The Unit21 data platform enables investigators at crypto companies or crypto teams within larger fintechs to view and manage all alert investigations in a single pane of glass. 

‍

To further optimize operational workloads, Unit21 provides a proprietary Alert score that is underpinned by a vetted machine learning module that is trained on your prior alert dispositions and behaviors. Using a combination of the two products, crypto investigations typically flow like this:

• Potential suspicious activity triggers an alert in Chainalysis
• Alert is automatically synced to Unit21 for investigation
• Agents can view the alert and action on them within Unit21, or have the option to navigate to Chainalysis for comprehensive research directly.
• Dispositions and changes to alerts, as well as comments, are synced bi-directionally, i.e., an agent can choose to act on an alert on either platform, and Unit21 will sync the data automatically
• If a Suspicious Activity Report (SAR) is needed in the US, Unit21 provides an easy-to-use interface to file to FinCEN directly and supports Suspicious Transaction Reports (STRs) for GoAML-compliant FIUs.

‍

If you want more information regarding Unit21’s integration with Chainalysis, get in touch to request a demo today!

‍