XRPL
Everything you need to know about XRPL compliance — XRP legal status, native features, and custody implementations.
Operating an XRPL VASP (exchange, custodian, on/off-ramp, IOU gateway, NFT marketplace, AMM front-end)? Here's the KYC / AML stack you need to assemble. XRPL has no native primitive for KYC or Travel Rule — these are provided by chain-agnostic third-party vendors.
📨 Travel Rule (FATF R.16) on XRPL
XRPL has no native VASP-to-VASP messaging (unlike some chains with a dedicated memo primitive). VASPs transferring assets between each other above the FATF threshold (typically 1,000 USD/EUR) must route through a third-party messaging vendor (Notabene, Sumsub Travel Rule). These vendors work across all XRPL assets: XRP, IOU, MPT, NFT.
🔍 Chain analytics covering XRP
The 3 main on-chain analytics vendors (Chainalysis, Elliptic, TRM Labs) have covered XRPL since 2018-2019. They trace XRP, IOU and MPT flows, provide per-address risk scoring + clustering, and power SAR/STR filings. Used by every XRPL-listed CEX (Coinbase, Kraken, Bitstamp, Uphold, GateHub).
Focus: Industry-standard crypto transaction monitoring + investigations + sanctions screening. Used by US Treasury / IRS / FBI + most regulated exchanges. Reactor (investigations) + KYT (Know Your Transaction) products.
Crypto / XRPL coverage: Native XRPL coverage — XRPL transactions + IOU flows + AMM tracked. Reactor supports XRPL investigations. RLUSD coverage from launch.
Focus: Crypto-native AML platform — Holistic (cross-chain monitoring) + Lens (entity intelligence). UK-base, MiCA-aligned. Strong in EU + UK regulated markets. Coinbase, Revolut, Binance among clients.
Crypto / XRPL coverage: XRPL covered. Cross-chain heuristics for stablecoin tracing (USDC, USDT, RLUSD).
Focus: Real-time blockchain intelligence + sanctions screening + investigations. Used by US Secret Service, FBI, OFAC + major crypto exchanges. Strong in compliance automation for institutional flows.
Crypto / XRPL coverage: XRPL native coverage. RLUSD tracking from issuance.
🪪 Identity / KYC vendors
Vendors used for user onboarding: identity document verification (IDV), biometric liveness, KYB for businesses, ongoing monitoring. All chain-agnostic — what matters is their MiCA / FCA / NYDFS compliance for the markets you serve.
Focus: KYC + KYB + AML monitoring + Travel Rule under one roof. Strong in EU + emerging markets, MiCA-aligned. ~5,000 clients including major crypto exchanges.
Crypto / XRPL coverage: Chain-agnostic. Used by XRPL VASPs needing onboarding KYC + Travel Rule + monitoring in a single SDK.
Focus: IDV + biometric verification + ongoing monitoring. Acquired by Entrust (2024). Strong in UK / EU / US fintech and crypto markets — Coinbase Europe, Revolut historic clients.
Focus: AI-powered IDV — document verification + biometric liveness + ongoing monitoring. Used by major exchanges (Bitstamp, Bitpanda, Bitso) and banks. SOC2 + ISO 27001.
Focus: No-code IDV platform with high configurability. Used by US-first fintech / crypto firms — Block (Cash App), Brex, Robinhood. Strong KYB + business-verification module.
Focus: IDV across 230+ countries, 11K+ document types. Estonian-base + EU MiCA-aligned. Used by Bolt, Wise, Kraken, Bitstamp.
Focus: GlobalGateway — KYC + KYB across 195 countries via 450+ data sources. Strong in B2B verification (UBO, business registry checks). Canadian-base, served by major banks + crypto firms.
🚫 Sanctions & PEP screening
Continuous screening against consolidated lists (OFAC, EU, UN, UK HMT) + PEP detection (Politically Exposed Persons) + adverse-media. These vendors cover both end users and counterparties (KYB), independent of the underlying chain.
Focus: AI-powered sanctions / PEP / adverse-media screening + ongoing monitoring. Strong in fintech and crypto — Coinbase, Gemini, BitGo, Klarna among clients. Real-time data updates.
Focus: Refinitiv's World-Check (now part of LSEG) — the gold-standard sanctions / PEP / heightened-risk database. Curated by 400+ analysts; used by Tier-1 banks worldwide.
Focus: Bridger Insight XG sanctions screening + Accuity payment screening. Strong in regulated banking + crypto on-ramp. US-base with global reach.
🏛 Typical stack of XRPL-listed CEXes
Common pattern observed at Coinbase, Kraken, Bitstamp, Uphold and GateHub: ① Identity — Sumsub or Onfido for retail KYC ② Screening — ComplyAdvantage or Refinitiv for sanctions + PEP ③ Chain analytics — Chainalysis KYT for transaction monitoring ④ Travel Rule — Notabene for inter-VASP transfers. Typical annual cost €50-250K for a Seed/Series A-scale operator.