Screening Methodology
This document describes how AMLRadar screens crypto addresses and entities, how the risk score is calculated, and what confidence level is assigned to each check. It is intended for compliance officers, MLROs, and technical teams integrating the API.
Last updated: June 17, 2026 · Version 1.2
Contents
1. Data Sources2. Wallet Screener — Check Logic3. Entity Screener — Matching Logic4. Risk Score Calculation5. Mixer Exposure Detection6. Confidence Levels7. Caching and Freshness8. Limitations and Disclaimer1. Data Sources
AMLRadar aggregates three official sanctions lists, updated automatically every 6 hours:
| Source | Publisher | Update frequency | Crypto addresses |
|---|---|---|---|
| OFAC SDN List | US Treasury | Monitored every 6h | 780+ as of June 2026 |
| EU Consolidated List | EEAS | Monitored every 6h | 0 — list does not contain crypto addresses |
| UK OFSI List | HM Treasury | Monitored every 6h | 12 as of June 2026 |
2. Wallet Screener — Check Logic
When you submit an address to /api/screener/check, AMLRadar performs the following checks in order:
Address normalization
EVM addresses (ETH, ARB, BASE, MATIC, BNB) are lowercased. All other chain addresses are stripped of whitespace.
Cache lookup
Results are cached for 24 hours per address/chain pair. A cached result is returned immediately with from_cache: true.
Sanctions database check
The normalized address is matched against all active entries using a case-insensitive exact match (SQL ILIKE).
High-risk address check
The address is checked against a manually curated database of known mixer addresses and addresses associated with documented hacks or scams.
Indirect mixer exposure (EVM only)
For EVM chains, AMLRadar queries Etherscan to retrieve the last 100 transactions and checks each counterparty against known mixer contracts.
Risk score calculation
A composite risk score (0–100) is calculated from all check results. See Section 4.
3. Entity Screener — Matching Logic
The entity screener (/api/screener/entity) searches names across all sanctioned entity records using three matching levels:
| Match type | Logic | Confidence |
|---|---|---|
| EXACT | Case-insensitive full string match against entity_name | HIGH |
| PARTIAL | Query is contained within entity_name, or vice versa | MEDIUM |
| FUZZY | ≥2 significant tokens match, covering ≥50% of the query | LOW |
4. Risk Score Calculation
The risk score is a composite integer (0–100) calculated from all check results:
| Factor | Points | Notes |
|---|---|---|
| OFAC SDN match | +60 | Highest weight — primary enforcement list |
| UK OFSI match | +55 | Direct legal effect in EU context |
| EU Consolidated match | +50 | Applied when EU list contains crypto addresses |
| Multi-list overlap bonus | +10 per additional list | Applied when address appears in 2+ lists |
| Direct mixer (known address) | +35 | Address is a known mixer contract or wallet |
| High-risk address (hack/scam) | +25 | Associated with documented exploit or scam |
| Indirect mixer exposure | +20 base + 2/tx (max +15) | Exposure via transaction history on Etherscan |
Risk levels:
80–100
Direct sanctions match. Requires immediate escalation.
50–79
Sanctions match or significant mixer exposure. Requires manual review.
25–49
Partial match or indirect exposure. Flag for enhanced due diligence.
1–24
Minor adverse signal. Note in file and monitor.
0
No adverse signals found in sources checked.
5. Mixer Exposure Detection
Direct exposure — the address itself is a known mixer contract or wallet. Checked against the high-risk address database with HIGH confidence.
Indirect exposure — the address has transacted with a known mixer. Detected by analyzing the last 100 on-chain transactions via Etherscan. Tornado Cash contracts currently monitored:
0xd90e2f925da726b50c4ed8d0fb90ad053324f31b // Tornado Cash Router
0x722122df12d4e14e13ac3b6895a86e84145b6967 // TC 0.1 ETH pool
0x910cbd523d972eb0a6f4cae4618ad62622b39dbf // TC 1 ETH pool
0xa160cdab225685da1d56aa342ad8841c3b53f291 // TC 10 ETH pool
0xd4b88df4d29f5cedd6857912842cff3b20c8cfa3 // TC 100 ETH pool
Indirect mixer exposure is only performed for EVM chains (ETH, ARB, BASE, MATIC, BNB). Bitcoin, Solana, Tron, XRP, and Monero do not currently support this check.
6. Confidence Levels
| Level | Meaning | Applicable checks |
|---|---|---|
| HIGH | Exact match against official sanctions list or verified address database | Sanctions match, known mixer check |
| MEDIUM | Heuristic analysis of on-chain data. May produce false positives. | Indirect mixer exposure |
| LOW | Partial or fuzzy text matching. Requires manual verification. | Entity fuzzy match |
| N/A | Check not applicable for the queried chain or address type | Indirect mixer check on non-EVM chains |
7. Caching and Freshness
Screening results are cached for 24 hours per address/chain pair. The cache is invalidated when:
- The 24-hour TTL expires
- A new sanctions entry matches the cached address
- The cache is manually flushed by an administrator
Cached responses are indicated by from_cache: true. The checked_at timestamp reflects when the original check was performed.
Sanctions list synchronization runs every 6 hours via a scheduled job.
8. Limitations and Disclaimer
- The EU Consolidated Sanctions List does not contain crypto addresses.
- Indirect mixer exposure covers only the last 100 transactions. Older interactions are not detected.
- Mixer detection is limited to Ethereum and EVM-compatible chains.
- FUZZY-confidence entity matches always require manual verification.
- Results reflect the state of sanctions lists at the time of the last sync (every 6 hours).
- A CLEAR result does not constitute a legal clearance.
Disclaimer: AMLRadar provides information for compliance research purposes only. Results do not constitute legal advice and should not be relied upon as the sole basis for compliance decisions. Always verify findings against primary source lists and consult a qualified compliance professional.
Questions about the methodology? Suggestions for additional data sources?
compliance@aml-radar.com →