risk-exposure-screening-concepts
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseRisk exposure screening (concepts)
风险暴露筛查(概念)
Educational reference only. Labels and scores from analytics or compliance tools are not legal findings. Verify primary sanctions lists and jurisdictional requirements with qualified teams. Pair with crypto-investigation-compliance and blockchain-analytics-operations.
仅作为教育参考。 来自分析或合规工具的标签与分数不构成法律判定。请与专业团队核实主要制裁名单和司法管辖区要求。搭配crypto-investigation-compliance和blockchain-analytics-operations使用。
Risk Exposure Engine (idea)
风险暴露引擎(理念)
A risk exposure engine combines a database of address or entity labels with on-chain interaction graphs to estimate whether a screened address or transaction is associated with known risk categories. Implementation details differ by product; confirm hop counts, thresholds, and asset scope in your provider’s documentation (see phalcon-compliance-documentation where relevant).
风险暴露引擎结合地址或实体标签数据库与链上交互图谱,估算被筛查的地址或交易是否与已知风险类别相关联。不同产品的实现细节存在差异,请在供应商文档中确认跳数、阈值和资产范围(相关场景可参考phalcon-compliance-documentation)。
Risk indicators (typical taxonomy)
风险指标(典型分类体系)
Risk indicators are categories assigned to addresses or entities. Names vary by vendor; the table below lists common families used in industry documentation.
| Risk indicator | Description |
|---|---|
| Sanctioned | Associated with entities on official sanctions lists (for example OFAC SDN), where applicable. |
| Terrorism financing | Associated with designated terrorist organizations or financing of terrorism. |
| Human trafficking | Associated with trafficking-related organizations or flows. |
| Drug trafficking | Associated with illicit production, transport, or distribution of controlled substances. |
| Attack | Related to exploit actors, attacker contracts, or associated fund movements. |
| Scam | Fraudulent schemes: phishing, Ponzi, honeypots, pig-butchering, etc. |
| Ransomware | Controlled by ransomware operators or used to pay ransom. |
| Child sexual abuse material (CSAM) facilitation | Facilitating payments for platforms distributing CSAM. |
| Money laundering | Suspected laundering of illicit proceeds. |
| Mixing | Mixer or privacy services that obscure trails. |
| Darknet market | Operators of darknet markets. |
| Darknet business | Other illicit darknet commerce (for example weapons, identity theft). |
| Frozen / contract blacklist | Blacklisted by major contracts or issuers (for example stablecoin freezes). |
| Gambling | Online gambling service addresses. |
| No-KYC exchange | Virtual asset service providers with weak KYC, per provider policy. |
| FATF high-risk jurisdiction | Entities tied to jurisdictions on FATF “black” lists (as used by the data provider). |
| FATF grey-list jurisdiction | Entities tied to FATF grey-list jurisdictions (as used by the data provider). |
风险指标是分配给地址或实体的类别。不同供应商的命名有所不同,下表列出行业文档中常用的通用类别。
| 风险指标 | 描述 |
|---|---|
| 制裁相关 | 与官方制裁名单(如OFAC SDN)上的实体相关联(适用情况下)。 |
| 恐怖主义融资 | 与指定恐怖组织或恐怖主义融资活动相关联。 |
| 人口贩卖 | 与人口贩卖相关组织或资金流相关联。 |
| 毒品贩卖 | 与受管制物质的非法生产、运输或分销相关联。 |
| 攻击相关 | 与 exploit 攻击者、攻击者合约或相关资金转移有关。 |
| 诈骗 | 欺诈性计划:钓鱼、庞氏骗局、蜜罐、杀猪盘等。 |
| 勒索软件 | 由勒索软件操作者控制或用于支付赎金。 |
| 儿童性剥削材料(CSAM)协助 | 为传播CSAM的平台提供支付协助。 |
| 洗钱 | 涉嫌清洗非法所得。 |
| 混币服务 | 用于模糊资金轨迹的混币器或隐私服务。 |
| 暗网市场 | 暗网市场运营方。 |
| 暗网商业活动 | 其他非法暗网商业活动(如武器、身份盗窃)。 |
| 冻结/合约黑名单 | 被主要合约或发行方列入黑名单(如稳定币冻结)。 |
| 赌博 | 在线赌博服务地址。 |
| 无KYC交易所 | 供应商政策认定的KYC流程薄弱的虚拟资产服务提供商。 |
| FATF高风险司法管辖区 | 与FATF“黑名单”司法管辖区相关联的实体(以数据提供商的认定为准)。 |
| FATF灰名单司法管辖区 | 与FATF灰名单司法管辖区相关联的实体(以数据提供商的认定为准)。 |
Exposure metrics
暴露指标
| Term | Meaning |
|---|---|
| Exposure value | Total USD value (per provider’s pricing source) of assets that originated from or interacted with a specified risk-labeled source, under the engine’s rules. |
| Exposure percentage | Share of tainted value relative to total inflow or outflow value for the screened address, under the configured window and rules. |
Interpretation is policy-dependent—same raw hops can score differently by direction, hop depth, and minimum amounts.
| 术语 | 含义 |
|---|---|
| 暴露价值 | 根据引擎规则,来自或与指定风险标签源交互的资产总美元价值(基于供应商的定价来源)。 |
| 暴露占比 | 在配置的时间窗口和规则下,被筛查地址的受污染资金价值占总流入或流出价值的比例。 |
指标解读取决于政策——相同的原始跳数可能因方向、跳深和最低金额要求而得到不同的评分。
Address-level screening (common templates)
地址级筛查(常见模板)
Many platforms expose three template families for addresses:
-
Entity / direct label risk — The screened address itself carries a risk label (for example sanctioned or scam).
Illustrative: an address is flagged because it matches an OFAC-listed identifier in the provider’s dataset. -
Interaction risk — Traces incoming or outgoing value across multiple hops. If any counterparty in the path carries a risk label, the engine may flag exposure subject to direction, hop limits, amount thresholds, and decay rules.
-
Blacklist interaction — Detects interaction with addresses on a customer-defined or tenant blacklist (policy-specific).
许多平台为地址提供三类模板:
-
实体/直接标签风险 —— 被筛查地址本身带有风险标签(如制裁相关或诈骗)。
示例: 某地址因与供应商数据集中的OFAC列名标识符匹配而被标记。 -
交互风险 —— 追踪流入或流出资金的多跳路径。若路径中的任何交易对手带有风险标签,引擎可能会标记暴露风险——具体取决于方向、跳数限制、金额阈值和衰减规则。
-
黑名单交互 —— 检测与客户自定义或租户黑名单中的地址的交互(取决于具体政策)。
Transaction-level screening (common templates)
交易级筛查(常见模板)
For a single transaction, engines often provide:
-
Participant risk — Whether addresses participating in the transaction carry configured risk indicators.
Deposit vs withdrawal (typical convention): for a directional screen, deposit flows may screen only the from side, and withdrawal flows only the to side—confirm in product docs. -
Interaction / flow risk — Traces fund provenance or destination of the transaction’s value to detect prior exposure (for example receiving from a phishing-labeled cluster). Deposit/withdrawal modes may restrict whether source or destination tracing applies.
-
Blacklist interaction — Whether the transaction touches blacklisted addresses per policy.
对于单笔交易,引擎通常提供:
-
参与者风险 —— 参与交易的地址是否带有配置的风险指标。
存提区分(典型惯例): 对于定向筛查,存入资金流可能仅筛查转出方,提取资金流仅筛查转入方——请在产品文档中确认。 -
交互/资金流风险 —— 追踪交易资金的来源或去向,以检测是否存在过往暴露(如接收来自钓鱼标签集群的资金)。存/提模式可能会限制是否适用来源或去向追踪。
-
黑名单交互 —— 交易是否涉及符合政策要求的黑名单地址。
Guardrails
注意事项
- Do not treat a commercial label as a court finding or automatic sanctions violation.
- Do not assist with evading screening, mixers for illicit purpose, or circumventing law enforcement processes.
- Separate on-chain facts from vendor scoring—document both when reporting.
- 请勿将商业标签视为法院判决或自动触发的制裁违规。
- 请勿协助规避筛查、为非法目的使用混币器或绕过执法流程。
- 区分链上事实与供应商评分——报告时需同时记录两者。
See also
另请参阅
- behavioral-risk-screening-concepts — volume, velocity, and transit-style behavior heuristics (complements label-based exposure).
Goal: give investigators a shared vocabulary for exposure-style screening without binding any specific product behavior or legal outcome.
- behavioral-risk-screening-concepts —— 基于交易量、交易速度和中转模式的行为启发式规则(补充基于标签的暴露筛查)。
目标: 为调查人员提供暴露式筛查的通用词汇,而不绑定任何特定产品的行为或法律结果。