Leopoldt Jansen Van Vuuren from Provenance on Onchain Analytics for Compliance

What We Discuss With Leopoldt Jansen Van Vurren
Onchain analytics splits into two buckets: Research & Reporting (Dune dashboards, DeFi volume, DAO treasuries) and Risk & Compliance, which layers on attribution (naming wallet clusters) and risk scoring (sanctions, AML exposure) using tools like Chainalysis, TRM Labs, and Elliptic.
This episode focuses on the Risk & Compliance side with Leopoldt Jansen Van Vuuren, Head of Onchain Analytics at Provenance, a compliance firm serving 400+ clients across 18 jurisdictions in VASPs, crypto funds, tokenised offerings, and DAOs.
Shownotes
- (0:00) Coming Up
- (3:13) Leopoldt’s background
- (5:58) Attribution v/s risk scoring
- (11:16) Tooling like Chainalysis, TRM Labs, Elliptic
- (17:25) Chokepoints for bad actors
- (20:27) Using mixing protocols like Tornado Cash
- (22:12) Get 10% off with Kryptos subledger
- (23:37) Choosing between compliance tools
- (28:03) Other tools like anchain, Cyvers, Hoptrail
- (29:14) Provenance Services
- (36:55) Fractional Compliance Officer model
- (41:04) Get 2 months for free with Request Finance
- (42:44) Accountability using outsourced model
- (46:03) Regulatory update with FATF, Travel Rule, CARF
- (49:55) Recurring compliance challenges
- (51:53) Comfort letter for fund administrators
- (53:57) Verifying wallet ownership
- (56:56) New investor subscription process for funds
- (58:01) Tokenized funds regulatory update for Cayman Islands
- (01:01:14) Using AI for onchain analytics
- (01:04:44) Closing thoughts
- (01:05:54) Favourite quote
- (01:07:11) Reach out to Leopoldt
[00:00:00] Leopoldt: There's a lot of techniques that the illicit actors are using.
[00:00:03] Leopoldt: One is rapid movement. So illicit actors will create 100 wallets, transfer all the money. It breaks that chain.
[00:00:10] Leopoldt: Another one is using, like, high-risk exchanges, exchanges that operate as an exchange, but they do not request KYC or KYB or any relevant information.
[00:00:21] Leopoldt: The third thing is using things like ATMs. We know ATM is also a very high-risk transferable manner of getting your crypto into the fiat space.
[00:00:28] Leopoldt: There's also mixing and privacy protocols.
[00:00:31] Umar: Onchain analytics splits into two buckets. The first is research and reporting, where you'd use Dune to query public blockchain data and build dashboards to understand a network, how much volume a DeFi protocol is doing, or what a DAO treasury holds.
[00:00:48] Umar: The second is onchain analytics for risk and compliance. The same public blockchain data underneath, but compliance team are layering on two things: attribution, putting a real-world name to a cluster of wallets; and risk scoring. Is this wallet owner exposed to money laundering, criminal activities, or sanctions?
[00:01:10] Umar: Using blockchain intelligence platforms like Chainalysis, TRM Labs, and Elliptic.
[00:01:17] Umar: Our focus for this episode is Risk and Compliance.
[00:01:21] Umar: To dig into that side, we're joined by Leopoldt Jansen van Vuuren, Head of Onchain Analytics at Provenance. Provenance is a specialized compliance firm bridging traditional finance and digital assets.
[00:01:35] Umar: They work across VASP, crypto funds, tokenized offerings, and DAOs with over 400 clients across 18 jurisdictions.
[00:01:44] Umar: In this episode with Leopoldt, we explore understanding attribution and risk scoring, tooling for Onchain analytics, the Fractional Compliance Officer model, tokenized funds, and the comfort letter for fund administrators and more.
[00:02:02] Umar: The Accountant Quits is the official podcast of the Onchain Finance Institute, the leading educational provider for finance teams using digital assets.
[00:02:12] Umar: Their programs, the Crypto Accounting Academy and Crypto Treasury Management Academy, focus on practical knowledge, including tools required to work with digital assets.
[00:02:24] Umar: Inside their platform, you can also connect with peers working in web3, join focused chat groups, access job opportunities, and attend practical workshops on onchain finance.
[00:02:36] Umar: You can join the community for free by heading to onchainfinanceinstitute.com/community
[00:02:42] Umar: The link is also in the show notes.
[00:02:44] Umar: Now let's get into my conversation with Leopoldt.
[00:02:52] Umar: Leo, welcome to the show. It's great to have you on.
[00:02:56] Leopoldt: Amazing. Thanks, Umar. Thank, thank you very much for having me on your show. Really enjoy what you guys are doing in the industry, and hopefully we can, we can share some knowledge and insights today so someone can, find it worthy.
[00:03:10] Umar: I'm also looking forward to it, Leo.
[00:03:13] Umar: Now, I'd like to start with your background and the story of your transition in the digital assets industry. You're from South Africa, and you started as an Attorney back in 2014. Then in 2017, you joined, if I'm getting the name of the company right, Hogan Lovells, as a Compliance Specialist, leading a team of Compliance Officers, building AML policies, dealing with sanctioned jurisdictions, filing suspicious transaction reports.
[00:03:43] Umar: Then in 2022, you joined Provenance as their second hire, and today you're their Head of Onchain Analytics. Can you walk us through that journey and what you, what got you interested with blockchain?
[00:03:56] Leopoldt: Hundred percent. Thanks, Umar. Yeah, it's quite an interesting path. I think if you ask anyone within the industry how they got familiar with crypto or within the industry, they'll have some interesting, answers here and there.
[00:04:09] Leopoldt: My story goes back, like I mentioned, I was a Lawyer by trade. Now I'm reformed. I saw the light at the end of the tunnel. It was perhaps not a train, but a crypto industry and compliance. So, yeah, my wife and I moved to South Korea in 2016, and that's the first time I ever heard of the word blockchain and, and crypto, uh, specifically Bitcoin.
[00:04:25] Leopoldt: So while we were in South Korea,
[00:04:36] Leopoldt: you heard, like, the rumors about Bitcoin and crypto and... But I didn't really... I parked it, like, to the one side. When we came back in 2017, I actually started working at Hogan Lovells, and I had a couple of good friends over there, and I vividly remember the one day we walked to the, to the kitchen, grabbed a cup of coffee, and my two friends actually said, "Listen, we almost have enough money to buy one Bitcoin."
[00:05:04] Leopoldt: And I'm like, "Listen guys, what is this Bitcoin and how do you share money to buy something?" And they started discussing this and I'm like... So my initial thought was you need to have exactly the sum of money to buy one Bitcoin, which we know is not the case right now. So I parked it there, again, and then I worked in the compliance industry.
[00:05:24] Leopoldt: And then in 2022 when, when Provenance, yeah, reached out to me, I was really fascinated by the idea of providing AML services, compliance, crypto for this rapidly evolving industry. It's ever-moving, ever-changing, and I have a pretty big risk appetite. So for me it was, listen, you need to jump in, you need to understand this.
[00:05:48] Leopoldt: Also to help the bigger community within the crypto space. So that's how we started and I'm not going anywhere soon.
[00:05:56] Umar: Perfect. That's a good story. Now, I'd like to start the episode by defining the word onchain analytics. The episode title is Onchain Analytics for Compliance, and it can mean two different things, and I want the listeners to be clear on what this episode is about.
[00:06:13] Umar: So just setting the foundation first, and as most of the listeners already know, so a blockchain is fully transparent. Every transaction is permanently visible and trackable. But wallets are just strings of characters. Like I said, you can follow the money without knowing who's holding it. Now, a lot of the listeners probably have come across a tool like Dune.
[00:06:36] Umar: Dune is an onchain analytics tool, but for insight, right? You write SQL queries against public blockchain data, and you build dashboards to understand the network. Like how much volume, let's say, a DeFi protocol is doing, how a token is distributed, how much treasury a DAO holds. So it's a research and reporting tool.
[00:06:58] Umar: But Dune won't tell you who's behind a wallet or whether the funds are clean, so to say.
[00:07:04] Umar: So what you do is like the other kind. It's onchain analytics for risk and compliance. It's the same public data, but you're layering on two things that Dune doesn't do. The first one is attribution. So you put a real-world name to, let's say, a cluster of wallets, and you do risk scoring.
[00:07:24] Umar: So you understand whether this wallet owner is exposed to, let's say, money laundering, criminal activities, sanctions, and so on. So to kick off this episode, is that the right way to frame this distinction for our audience?
[00:07:39] Leopoldt: Absolutely, Umar, and if you ever need a job, I think you already know what we are doing, so I think I'll hire you on the spot.
[00:07:45] Leopoldt: So if you ever need something, more than welcome. So basically, what we do on a daily basis is we take the onchain data you just mentioned, and we put color to it. We put a body to it. We put a whole environment to it so that someone who reads this can interpret it in a way that would allow them to make an informed decision whenever they are, they are allowing funds or a wallet into their ecosystem.
[00:08:14] Leopoldt: So we are dissecting all of this data and then providing it in a more I wanna say a streamlined fashion so people can actually understand what's happening behind it. So to give a bit more of a, I wanna say, background to the story is that where the... I first heard of the word onchain analytics, we call it OCA within our company, is back in, in 2021, 2022.
[00:08:41] Leopoldt: Provenance, like you mentioned, I was a day two hire. Our fearless leaders and founders founded the company based on the fact that there was a tokenized fund in the Cayman Islands, and all of the big firms like your, your lawyers, your counsel, your fund administrators, no one knew how to actually go about interpreting certain data on the blockchain in order to prevent money laundering, terrorist financing, high-risk exposure, and that's then where the onchain analytics in Provenance specifically was born.
[00:09:17] Leopoldt: But a lot of times people also put onchain analytics into, a little box to say, "You check a wallet and you just check the exposure thereof using a tool," which we'll get into a bit later. But onchain analytics is way broader than that as well. Yes, you look at your wallet, you look at your exposure, first of all.
[00:09:39] Leopoldt: So you look at every, type of industry or service that your wallet has been exposed to, like dark web, sanctions, stolen funds, scams, exchanges, DeFi protocols. So you look at the exposure, but you also look at patterns. So everything is on the blockchain, like everything is transparent. So you can go to Etherscan or Solscan or Tron or what- wherever and see all of the, the transactions.
[00:10:05] Leopoldt: But now we put those transactions into a pattern and we analyze it using the patterns, the counterparties, and it's almost like if you think about it in the traditional financial sense, it's taking someone's bank account and diving into it and exposing it entirely. So it's actually quite interesting. I love it.
[00:10:26] Leopoldt: And the, the... another thing that really comes to this one is transaction monitoring. So to also, yes, look at your transactions when it comes to the exposure, but also your typology. So like rapid movements, increments of, of, payments, your layering, structuring. So it's having all of those traditional compliance aspects, putting it on the blockchain, reviewing it, and then spitting it out in a way that the reader, like the regulators or the client, can actually understand what is the risk appetite of this wallet?
[00:11:01] Leopoldt: Can I interact with it? Is there mitigating factors? Let's say there's sanctions exposure, but it's mitigated because the exposure was prior to sanctions or... So it's, it's understanding all of those. So I hope that really, clears it up a bit.
[00:11:16] Umar: Now, a question I was really looking forward to go through is actually understanding the tools for onchain analytics.
[00:11:22] Umar: Now, as you know, Leo, this podcast is mostly listened by accounting and finance professionals. Maybe some compliance, professionals sometimes, but it's mostly accounting and finance professionals. And I understand sometimes they also have to use these tools. So the, the major tools right now in the industry are Chainalysis, TRM Labs, and Elliptic.
[00:11:44] Umar: They're all blockchain intelligence platforms, and they all kinda fundamentally sell the same thing. They take public blockchain data and they layer on attribution and risk scoring, right? So attribution is putting a real-world name to a wallet, and risk scoring is understanding whether this money is clean, so to say.
[00:12:04] Umar: I saw on LinkedIn you're also certified on Chainalysis and TRM Labs, and you mentioned you regularly use Elliptic at Provenance as well. So first to start, for someone who's never used these tools, what information would these platforms actually provide to the compliance team?
[00:12:24] Leopoldt: Great question, Umar, and, and something also for your listeners, what, which is quite interesting is we work with accountants and financial professionals on a daily basis, specifically let's say your CFOs from companies or your Fractional CFOs and especially the, like the DAO management companies and all of those.
[00:12:43] Leopoldt: So it's actually such a, a, a privilege to speak to your listeners as well, to say, "But we understand you guys, and we also wanna help make that informed decision a lot of times." And one of these is as well, when let's say a CFO from a company comes to Provenance and they say, "Listen guys, we wanna accept crypto as a payment for one of our, clients," let's say they're, they're a law firm.
[00:13:07] Leopoldt: We work with the law firms as well. Now they wanna receive payment in crypto. They also wanna understand the product. They wanna understand, "Listen, take me on a roadmap through a demo. What do you guys do? How does it work?" So that they as financial professionals can also understand this. So especially when we use these tools like TRM, Elliptic and the Chainalysis, those are your, I wanna say, your Rolls Royces these days, your more expensive tools.
[00:13:35] Leopoldt: They've been well known in the market as well. So they take all of that raw data, and it's literally like they shine a light on it, so that everything that, that's on the blockchain can be on a dashboard that's easily understandable for someone. So in essence, they would literally go onto the dark web.
[00:13:55] Leopoldt: So I've, I've been privileged to go to New York to one of the, the teams as well, and we literally went into one of these service providers' back rooms, and they had, like, a little dark corner there, um, with a lot of, professionals literally being on the dark web. So they are searching for wallets, searching for clusters, searching for all of the high-risk exposures that they can then put onto their system to inform their clients and their customers.
[00:14:21] Leopoldt: So they take all of that data, put it in a, in a, in a way that we can understand it. We can plot graphs on it. So let's say you have a wallet, you put it on the graph. You wanna look at the counterparties. You can build out the graph. You can look at the transactions. You can look at the different, tokens that they hold.
[00:14:39] Leopoldt: But the, the key thing to all, all of these tools are, yes, they are spending millions to build out their tool and to build out the infrastructure, but it's not just them, it's a whole community-driven project.
[00:14:53] Leopoldt: So to give you a little bit of an idea, we had a client about two, two years ago that called us and said, "Listen, guys, I just got hacked on my, phone while using, public Wi-Fi at an airport," and they stole more than 80 Bitcoin from this customer. And we jumped on it immediately using our tools to track the funds, and we started plotting where the funds were actually going.
[00:15:18] Leopoldt: We always call it an exit point. So an exit point would be where you take or the, the usually the bad actors, they'll take the crypto, move it to certain wallets, and then at the end they either wanna bridge it to another blockchain, or they wanna exchange it for fiat currency, like an exchange, um, etc.
[00:15:38] Leopoldt: So we tracked and traced the money, and while we were doing this, you can actually reach out to these platforms like TRM, Chainalysis, Elliptic, and then label certain wallets. So we immediately then, informed them to say, "Listen, guys, we have a client, they've been hacked. Please cluster these three wallets as, as stolen funds wallets."
[00:16:01] Leopoldt: And that then also helps the broader community. So let's say you're an exchange and these wallets want to use you to exit and, and actually transfer the money, you can block it. You can say, " listen, it's blocked because someone has flagged you as being a criminal or a, illicit ac- actor." So it's, it's the tool itself, but it's also the community and all of us that works together to give all of this public information at the end of the day.
[00:16:29] Leopoldt: So, and one last story I wanna share is, I used to be friends back, way back when with someone, and it's, it's more about the tool and the usage of a tool. And we were joking around putting tomato sauce on a, on a, on a hotdog, and the tomato sauce didn't wanna come out. And I looked at my friend and I'm like, "Listen, man, it's not the it's not the tool, it's the fool behind the tool that doesn't make it work."
[00:16:57] Leopoldt: And all of a sudden, he pointed at me and he squeezed it, and it came out, and I was, like, full of tomato sauce. But the crux of the story is we can have these tools, but you need to know how to use it in order to open up a whole new world out there. So it's, it... I can speak on this for days. I honestly love what they have been building and, at the end of the day, it's, it's putting all of that raw data in a way that someone can understand and interpret it correctly.
[00:17:25] Umar: So based on what you were explaining right now, I have a follow-up question. I'm thinking, so the way to exit, as you were explaining, is also what we refer to as l- like, as off-ramping providers. So exchanges or other off-ramping providers. You can also have OTC or the brokers. Now- it might get interpreted as a way I'm asking you how do-- can hackers still get by?
[00:17:48] Umar: Because exchanges or these other off-ramping providers, they can be choke points, right? So we c- that's the point where we can actually know the identity of that person. Yeah. How could these hackers still get by, like, appropriating these funds when they've hacked someone and not going through the exchange basically because it's too easy, then you can report to the exchange, and we'll do-- we'll know the identity of that person.
[00:18:13] Leopoldt: Exactly. We get that quite often, Umar, and there's a lot of techniques that the, illicit actors are using. One is rapid movement. So one thing, and I actually wrote an article on this, is people would ask, how many hops away do you stop money or do you interpret something? Hops meaning how many counterparties between the actual, illicit they're acting and then your wallet.
[00:18:38] Leopoldt: We don't believe in that system because actors are actually creating multiple wallets within seconds. So one tactic they are using is to block this, aspect. So a lot of companies would have a risk appetite to say anything further than 10 hops away, that's fine, it's indirect. So, illicit actors would create 100 wallets, transfer all the money, it breaks that chain.
[00:19:02] Leopoldt: So that is one tactic they are using. Another one is using, examples like high-risk exchanges. High-risk exchanges are some, exchanges that operate as an exchange, but they do not request KYC or KYB or any relevant information. So you have those that we diligently look at, at our customers.
[00:19:22] Leopoldt: The third thing is using things like ATMs.
[00:19:25] Leopoldt: We know ATM is also a very high-risk transferable manner of getting your crypto into the fiat space. So that's one, and then bridging. So let's say you bridge from one exchange or one, blockchain to another, it breaks that pattern, and for you as an exchange, that money kind of looks clean because that, that whole exchange hasn't been broken.
[00:19:48] Leopoldt: There's also mixing and privacy protocols. So those are some of the ways. And then peer-to-peer, obviously, let's say I'm a criminal, I owe criminal B some money. I'll send it to his private wallet peer-to-peer, and then the whole using it on the blockchain, just sending money between each other, that's also a transferable manner.
[00:20:08] Leopoldt: So there's actually quite a lot of ways getting it out there, which I think also brings regulation, and we're gonna touch on regulation in a bit, is regulation also tries to prevent that, that aspect. So that's also why compliance is important out there as well.
[00:20:27] Umar: Okay. So you mentioned... I have another follow-up question because you mentioned these mixing protocols.
[00:20:31] Umar: So the big one is Tornado Cash, right? And I didn't follow up recently what's their whole, legal status because I know they were banned in certain countries. How popular do you come across, I don't know, these, uh, users, hackers using mixing protocols? And are there other ones other than Tornado Cash that's popular in the industry?
[00:20:51] Leopoldt: Yes. Grinex was also a popular exchange in, in Russia that was used by previously. Tornado Cash is one of your well-known or better-known ones. And the thing to also re- I wanna say, I, I'm not... I'm playing devil's advocate here in a lot of instances, is we had had, we have had certain investors going into funds that wanted to contribute their, their assets, and we tracked it back to Tornado Cash, yes, prior to being sanctioned.
[00:21:20] Leopoldt: So let's say Tornado Cash was sanctioned 2022 initially. So prior to that, they used Torna- Tornado Cash as a privacy protocol. So there were actual, if you look at the creator of, of, of Ethereum as well, they actually had reasonable or good reasons to use privacy protocols back in the day as well.
[00:21:43] Leopoldt: Those are becoming less and less, effective these days with them being, sanctioned, being high-risk activity. To answer your question, do we come across those? We don't come across them as often as we used to in 2022 and '23. But you would still... obviously, everything is on the blockchain.
[00:22:00] Leopoldt: So you'll still have your, your OGs and your whales that come to the fund that had some sort of exposure to that 2021, 2022. So not too often these days.
[00:22:12] Umar: Before we continue, we'll take a quick commercial break from our sponsor. Whenever you use cryptocurrencies for your business, the framework for your bookkeeping is a combination of traditional accounting software like QuickBooks, Xero, Oracle NetSuite, and a crypto subledger, which would extract, process, and feed in transactions from wallets, exchanges, and custodians into your accounting software.
[00:22:36] Umar: Kryptos Enterprise is a SOC 2-certified accounting software built for crypto and integrates with a 150+ blockchains, a 100+ exchanges, 50+ wallets, and over 5,000 DeFi protocols. Using a crypto subledger, you can automatically categorize and track your gas fees, realized gains and losses on trades, and create custom categorization rules.
[00:23:03] Umar: And once categorized, you have the ability to bulk sync your transactions into your accounting software.
[00:23:10] Umar: And with their MCP server, you can now connect your AI assistant like Claude, Cursor, or ChatGPT into your Kryptos account to categorize, reconcile, and sync transactions.
[00:23:23] Umar: If you're still managing crypto on spreadsheets, you're making your life harder than it needs to be.
[00:23:28] Umar: Right now, Kryptos is offering you ten percent for the first year of subscription. Check out the link in the description to claim this offer.
[00:23:37] Umar: Now, before we move on to Provenance, I have a second question on tools. How would, let's say, a compliance person choose the right tool for their use case? And you can feel free to mention any specific vertical that maybe one of these tools is more effective, like let's say, I don't know, it's a fund or an exchange
[00:23:56] Leopoldt: So, so for us, this is actually a, a question we get quite often because yes, we work with foundations, exchanges, DAOs, funds, and all of those, and when they want to choose a relevant tool, we also assist.
[00:24:11] Leopoldt: We can also come in on a consultancy basis. We do work with all of these service providers, so we do understand how they operate, how their platform works. But I think there's a couple of things people primarily look at when they wanna choose a tool. And I wanna say the first thing, being of on a podcast with financial professionals is- budget, budget, budget.
[00:24:33] Leopoldt: So at the end of the day, budget and requirements, those are two things. So let's say a DAO or a foundation, we know they're not regulated, so in essence, they don't actually need to do any in-depth screening or anything like that. So they would then prefer to either go for a cheaper option, something just to say, "Listen, yes, we are doing something for sanctions, so we don't want the best out of the best out there."
[00:25:01] Leopoldt: So their requirement is way less. So the tool and the budget allocated would then be way less. So they would have a, I wanna say, entry-level tool at the end of the day, or just a free API integration or anything like that.
[00:25:14] Leopoldt: So that's also then where Provenance comes in. A lot of DAOs and foundations would come and say, "Listen, let's use you guys, use your licenses, and we don't have to pay $50,000 per annum for 100 wallet screenings. Let's work on that."
[00:25:31] Leopoldt: Secondly is also, let's say you have a VASP or exchange. They are currently, let's say, four or five employees. They have a mindset of building something, but to get all of these licenses will kill their initial startuping phase. So budget and requirement is one thing.
[00:25:49] Leopoldt: Another thing we always look at is blockchains and assets covered.
[00:25:54] Leopoldt: So let's say you have your TRM, Chainalysis, Elliptic, so three of your, your well-known products out there. They are all built on different ways and different, I wanna say, techniques and foundations. Some of them would focus, let's say, on your big, ERC-20, your EVMs, your Bitcoin, your Solanas. They'll focus on those blockchains and cover all of those, assets held on that blockchain.
[00:26:20] Leopoldt: But then you'll, you'll have a, let's say, client like using Canton or something that's a bit smaller, your one tool might not cover that, so then looking at a different tool. So we have a couple of clients that, have pro- protocols, and their protocols are only covered by certain products. So then you'll need to have, let's say, that block explorer as well, or that, on-chain analytics tool.
[00:26:43] Leopoldt: So the blockchain assets covered and blockchains, and then it also comes to preference and feel. They all have a different feel, a different preference. Some of them are a bit stronger in transaction monitoring. Some of them are a bit stronger in, in wallet screening exposure. And then some of these tools will also have a bit of due diligence covered on certain services, so,
[00:27:06] Leopoldt: And then the last thing is your risk rating and the ability to actual build out the risk engine for a certain, for your product, aligns with your product, aligns with your, your risk appetite, etc. So not all of them have the ability to build out, let's say, to such a T and dissect it. You can, yes, it have risk ratings for certain, exposure, but what about percentage-wise or dollar value or sending or receiving?
[00:27:38] Leopoldt: So that also then allows you to make a determination which tool at the end of the day would be best. So there are a couple of things, and we've been fortunate to work with a lot, not just these three, but a lot more. And when a client comes to us, we always ask, "What is your need? What's your budget? What's your requirement, and who's going to utilize the tool?"
[00:28:00] Leopoldt: And then we start finding the right partner for them.
[00:28:03] Umar: Are there other tools worth mentioning, they're doing a good job, and maybe worth giving a shout-out to?
[00:28:10] Leopoldt: Yes, absolutely. I would like to give, give Anchain. Anchain is also very well, a product that we use for one of our clients. Another one is Cyvers.
[00:28:19] Leopoldt: Cyvers is also covered, they look at a bit more, um, fraud detection, so Cyvers is also a very well-known, tool to use. So those are also two that we work with, and it's really nice to work with as well. And then there's also other smaller company called Hoptrail. They're also a bit more on the due diligence side for certain, yeah, services, VASPs and those.
[00:28:41] Leopoldt: So those are also some of the, the smaller ones coming into play.
[00:28:47] Umar: I wanna share those ones maybe in the show notes as well later. So I just wanna make sure I get the pronunciation right. The first one you mentioned is Unchain?
[00:28:56] Leopoldt: Yeah. An, A-N, and then chain. So they are one. And then Cyvers, C-Y-V-E-R-S. And the last one is HopTrail.
[00:29:07] Umar: HopTrail. Yes. H-O-P-T-R-A-I-L.
[00:29:11] Leopoldt: Yes.
[00:29:11] Umar: Okay. Very good. All right, so I think it's a good time to speak about Provenance.
[00:29:17] Umar: So like I mentioned in the intro, Provenance was founded in 2021 as a specialized con- compliance firm to bridge traditional finance and digital assets. Could you provide us with an overview of the services that you're providing at Provenance, maybe the types of companies you'd work with as well?
[00:29:36] Umar: And also, what's the typical problem they're walking in with?
[00:29:41] Leopoldt: Umar, I want to give a short answer, which is we are a one-stop shop for all digital asset compliance, but that would not do justice to what we actually do. So that's always the, the slogan that we use. So yes, Provenance was started 2021, 2022 when, like I mentioned, the first tokenized fund came to Cayman, and that's something where law firms, directorship shops, and fund admins, they dabbled into a lot of things, but not per se what compliance is all about.
[00:30:13] Leopoldt: How do you confirm whether you can actually allow investor or the source of funds into a fund? And that's then where, where our fearless leaders saw a gap. They saw a gap in the market and they said, "Listen, guys, let's use our experience in the compliance, legal, and, financial industry, bring it together, and build a new product for, for the need out there."
[00:30:35] Leopoldt: So Provenance was born, and our initial offering back in the day consisted of being AML compliance officers, your money laundering reporting officers for crypto-specific funds. So that was the, like, day one, the big thing we need to, to understand this. And then I came in and they started, like, how are we going to do source of funds tracing on the blockchain?
[00:31:02] Leopoldt: And that's then where the on-chain analytics team was born, or the, the concept was born to assist the AML officer to make an decision when funds, which is crypto, are coming into a fund. So we started with that, and then we also started to provide KYC services, so physically doing the onboarding for, let's say, your protocols, your projects, your DAOs, foundations, So we had the AML officer role, we had the Onchain Analytics role, and then we have the KYC/MS role.
[00:31:35] Leopoldt: And that was primarily our three biggest, service lines back in the day. But as time actually came, we've built out into a bigger global sense to assist regulated clients like your VASP, regulated funds, et cetera, but also helping the unregulated space like your DAOs, your foundations, which actually choose to self-regulate, to choose to do some sort of other wallet screening, transaction monitoring, KYC onboarding, so that they do not allow any bad actors entering the ecosystem, not for a regulatory requirement, but more a reputational aspect.
[00:32:15] Leopoldt: We all know that those protocols, once you allow for certain of, of the bad actors to enter and infiltrate, the whole reputation is done, the community is done, people, would like to exit. So we started off with that, and then we also built out into a audit department. So now we have a fully functioned audit department where we provide gap analysis to regulated and unregulated clients, due diligence report, risk assessments, AML audits, and then something very specific in that space and also for, for financial professionals out there working in a DAO or working at a VASP, is your CCSS, your cryptocurrency security standard.
[00:32:57] Leopoldt: So we also provide those audits, for specifically for a lot of the, the exchanges out there. And later on, we also started providing the CCO roles. We pro-provide Fractional Compliance Officers. And then one big thing that Provenance, and this is also why I enjoy this podcast, I enjoy what you guys are doing at Accountant Quits, is public knowledge training and just, bringing knowledge to the, to the people out there.
[00:33:26] Leopoldt: We love training. We provide training on a daily basis, either for AML officers, your directors, your MROs, or just basic crypto fundamentals and, and all of those. So those are, I wanna say if you wanna put it into our services.
[00:33:42] Leopoldt: But to answer your question as well, Umar, on what are some of the problems people bring in and what are two focus points, we would say first of all, being the regulated space, the VASPs, the CASPs, the funds out there.
[00:33:57] Leopoldt: And the problem that they are having, especially when they are building the, building out their initial process or costs.
[00:34:05] Leopoldt: So last- like I mentioned earlier, meet your product licenses like your TRM license or your Sumsub license. You need fraud licenses, your Travel Rule licenses. So building out all of those licenses and then getting all of the clients, that's a stumbling block for a lot of the VASPs.
[00:34:22] Leopoldt: So they would come to us and say, "Listen, guys, we know you're providing MRO roles, but what about your day-to-day activities?" And that's where we have our managed services as well, where we come in, we're at a fraction of the cost to help them build out. And we love growing with our clients. We have a lot of the VASPs in Cayman Islands and globally on our books.
[00:34:44] Leopoldt: And to help them build out from a phase of being, let's say, the founders and a couple of employees to, let's say, now they're big enough to actually, justify having a full-blown compliance team, having all of the licenses, then we transition with them to those as well. So we walk the whole road with the client until they can do all of these, on, on their own.
[00:35:09] Leopoldt: And we always also want to, to mention to clients that we operate a hundred percent independently, all of our services.
[00:35:16] Leopoldt: And then secondly, one thing that we also work, so regulated space, secondly is your unregulated space. Like I mentioned, your DAOs foundations, they have the problem of wanting to do some sort of KYC or onboarding or wallet screening for the, let's say, the, the, the vault or the, treasury, but they don't actually see the need in buying all of those licenses, so they come to us.
[00:35:44] Leopoldt: And that's where we would then assist and also with the fractional compliance officer role to, to help them out, because we know that the DAOs and foundations are usually started by your tech guys, by your developers, by, someone in the finance team that doesn't really have a, I wanna say, knack for compliance, and they think compliance is boring, they hate it.
[00:36:04] Leopoldt: No one likes KYC, no one likes this, but we love it. So that's why we'd come in and we do that, on their behalf.
[00:36:11] Leopoldt: And then lastly is, is for your service providers, like your fund administrators, your law firms, your audit firms, your directorship shops. We work closely with them as well when they walk through the door with a problem to say, "I'm a director on this DAO, and listen guys, they're not doing enough.
[00:36:30] Leopoldt: They're not ha- They don't have the policies. They don't have this. Can you guys assist them?" Or when a law firm comes and say, "Can you help us draft the addendum for accepting crypto as a form of payment?" So that's also another problem people usually come through the door. So it's, it's quite vast. We do everything, but those are more or less, in a nutshell, if that makes sense
[00:36:54] Umar: Yes. I'd like to dive deeper into your outsourced compliance service model. So our listeners are familiar with this Fractional CFO model. Provenance offers the Fractional Compliance Officer model, if that's the appropriate term.
[00:37:10] Umar: Now, of course, it's valuable for proj- projects that, like you already explained, they can't hire a full compliance team, and now Provenance will take the whole compliance function.
[00:37:20] Umar: Let's say, for example, in the case of a Cayman Island VASP structure, it's mandatory to appoint an AML Compliance Officer, a Money Laundering Reporting Officer, right?
[00:37:30] Umar: So is this fractional or outsourced compliance officer the right way for our listeners to think about this service line?
[00:37:39] Umar: And also maybe besides a VASP, which is obviously very heavily compliant by design, what are the other types of companies where this outsourced Compliance Officer model would make sense?
[00:37:51] Umar: I know you already gave the example of DAOs.
[00:37:55] Leopoldt: 100%. So Umar, these are two separate roles. So just to, for all the listeners out there to understand it as well, like in Cayman Islands, you will have your AML Compliance officer, your MLRO, and your deputy MLRO roles. Those are required in your regulated space, let's say a fund or a VASP.
[00:38:16] Leopoldt: So they need to be fulfilled by someone usually being, someone that doesn't have, overview of the day-to-day activity. So they would then focus purely on AML escalations and everything in line with that. So they don't really have an active role in reviewing alerts or putting into play your policies and your procedures and all of that or adhering to them.
[00:38:42] Leopoldt: They'll build it out, but not do what it says inside. So this is then a separate role where Provenance then would come in on a fractional side. So your MLRO, AMLCO, deputy MLRO will help build out the, policies and procedures, but then someone needs to implement that. Someone needs to do what it says.
[00:39:02] Leopoldt: Someone needs to do the screening, someone needs to review the alerts and all of that. So that's then where the fractional compliance then comes in on a separate note to actually have that policies and procedures effectively, delivered on a daily basis. So to think that we fulfill the day-to-day as a fractional compliance side, but the, AML officer roles, those are required and that's then why, it's two separate roles.
[00:39:32] Leopoldt: I think you then asked on, on a VASP side, which is very heavily compliant, other companies that would use the outsourced function.
[00:39:42] Leopoldt: First of all, one big thing is your DAOs and your foundations. They don't require to have a MRO, deputy MRO or anything like that according to legislation. So no one needs to be appointed for that.
[00:39:55] Leopoldt: But still they would like to choose to do, self-regulation. So someone to come in on a daily basis to help with, let's say there are any sanctions alerts. Now you have your financial guys or your tech guys or your developers, they've never heard the word SAR, like a Suspicious Activity Report or an STR, Suspicious Transaction Report.
[00:40:20] Leopoldt: They don't know the FIU, they don't know any of this. Now they need to file these things. So that's then where we come in to say, "Listen, we'll provide that experience for you guys. We can't file it on your behalf, but we can draft it, we can do the reviews, we can do the escalations, we can do all of those things for you so that you can then operate and focus on the operations and all of that."
[00:40:44] Leopoldt: So another one that, other than a DAO and foundations, using this outsourced would then be your token issuances, which is also well known in the space for us to come in either as a MRO or as a as a fractional compliance officer
[00:41:04] Umar: Before we continue, let's take a quick commercial break from our sponsor.
[00:41:08] Umar: If you're serious about running your business using crypto, you need tools built for crypto.
[00:41:14] Umar: One of my favorite apps, and yes, one that I use multiple times a month, is Request Finance.
[00:41:21] Umar: This app has been a game changer in how I invoice my clients and receive stablecoins and crypto directly in my wallet.
[00:41:29] Umar: But hey, there's so much more to it.
[00:41:31] Umar: Request Finance is the all-in-one platform for crypto operations, accounts payable, accounts receivable, expenses, and even accounting.
[00:41:41] Umar: Plus, they've got a killer multi-payee off-ramp to over 190 countries, meaning you can pay someone with crypto and they get fiat in their bank account.
[00:41:52] Umar: Request Finance connects to over 20 blockchain networks, including Ethereum, Solana, Base, Arbitrum, Near, and more.
[00:42:01] Umar: Here are some features that I love: batch payments using your preferred wallet of choice, a single dashboard to track all invoices with real-time updates.
[00:42:13] Umar: All invoices contain the transaction hash for easy audits.
[00:42:17] Umar: But hey, don't take my word for it. Try it out for yourself.
[00:42:21] Umar: Head over to requestfinance/partners/theaccountantquits and get two months for free with all the pro account features.
[00:42:30] Umar: Join 3,000 finance leaders today using Request Finance and make crypto operations simpler, compliant, and less stressful.
[00:42:44] Umar: All right. So my, my follow-up question on that is even if the role is outsourced, the Cayman regime says the VASP itself remains, retains, sorry, ultimate responsibility for compliance. So you can outsource the function, yes, but not the accountability. Let's say when Provenance acts as an AML Compliance Officer, a Money Laundering Reporting Officer, where does liability actually sit?
[00:43:09] Umar: Let's say if something goes wrong, there's a missed suspicious transaction, is it on the team? I mean, is it on your team? Is it on the company, your client, or both?
[00:43:21] Leopoldt: A very good question. Almost want to think it's a flip of the coin sometimes, and it depends on which side of the coin you sit. So in the Cayman Islands, to think about it, the starting principle is exactly a VASP can delegate a function, but they cannot delegate the regulatory responsibility at the end of the day.
[00:43:41] Leopoldt: So if Provenance is appointed as the AMLCO, the MRO or deputy MRO, which is required by law, the liability typically falls into, two layers, so two different aspects to it. So first of all, is the VASP will remain primarily accountable towards CIMA, which is your Cayman Islands Monetary Authority. So from the regulator's perspective, at the end of the day, the license or registered VASP is responsible for ensuring compliance with AML regulations.
[00:44:14] Leopoldt: If there's any missed, suspicious activity or inadequate customer due diligence or a failure to comply with any of these things, the first question would be, did the VASP have an effective AML framework? So did they have that AML framework where someone comes in and then does the day-to-day?
[00:44:35] Leopoldt: Again, re-emphasizing that the MRO doesn't do the day-to-day activities. Then you'll have your outsourced AMLCO role that can have personal but also con- contractual, exposure at the end of the day. For them, it would more be in a line of failure or negligent not reporting something that's been escalated to them, failure to follow the AML regulations in the Cayman, failure to escalate or, or report any suspicious activity.
[00:45:08] Leopoldt: So that's then where they can be exposed in, in that instance. So I wanna almost summarize these two aspects to say, if Provenance acts as the AML officer or the AMLCO or MLRO, we assume responsibility for performing the function competently and in accordance with the Cayman Island, regulatory regime.
[00:45:31] Leopoldt: However, under the Cayman AML framework- ultimate regulatory accountability remains with the VASP and the governing body at the end of the day. So your outsourcing transfers execution of the function, not the ownership of what actually needs to be done. So in essence, both parties can have exposure in, in a case like a VASP, but the VASP also retains the ultimate accountability for those, roles as well.
[00:46:02] Umar: Got it. Now, we've been discussing attribution, wallet screening, risk scoring a lot so far. I want to spend some time on regulation as well.
[00:46:12] Umar: So if I understand this correctly, so at the top sits, the Financial Action Taskwork- Workforce, the FATF, right? The global standard-setter whose recommendation every country would copy, and it's the origin of the Travel Rule, which the Travel Rule, it forces, VASPs to identify the counterparties of a transaction.
[00:46:34] Umar: There's a new one, which matters a lot to our accounting audience, is CARF, so Crypto-Asset Reporting Framework, which basically requires these digital assets platform, like exchanges, let's say, to collect customer data and reporting it then automatically between tax authorities starting in 2026, actually, right?
[00:46:56] Umar: So it feels like a lot of these regimes are converging to the same, demand, which is connecting every wallet to a verified real-world identity and reporting it, whether that's for AML or tax. Is this the right way for our listeners to understand what's happening?
[00:47:13] Leopoldt: I think so, Umar. One thing that we have found in this space is that regulators and regulatory requirements are starting to push heavily on the identity within the blockchain space, which is kind of, if you think about it, it's kind of controversy to the pseudonymity behind the crypto industry and how it started off in the, in, in the beginning, which is understandable to a large extent because they are also pushing to eliminate any bad actors, that are coming into the ecosystem.
[00:47:47] Leopoldt: And we all know that blockchain now has formed part of the financial system. Whether we want to agree with it or whether we want to accept it, it is part of the financial system at this moment, and we need to, to work together to, to also eliminate the bad actors. And back in the day when I was at university, I loved economics, I loved chain reactions, meaning let's say, the fuel prices go up in the US, how does food prices in South Africa go up?
[00:48:15] Leopoldt: And I built a, a chain reaction way back in the day, and something I've built into what I think and, and believe on a daily basis, especially in, in South Africa, is that regulation brings clarity, clarity brings certainty, certainty brings investment, which then brings growth at the end of the day. So regulation and pushing for CARF, pushing for Travel Rule, the FATF and what they're doing is not a bad thing per se.
[00:48:46] Leopoldt: Yes, it requires a lot more of the CASP, of the VASP, of the fund in, in order to comply with these things. But one thing that actually does stand out with a lot of our inspections that we work with our VASP now, where the regulator comes in and inspects them, is that specifically that you mentioned, they are pushing towards wallet ownership and wallet ownership verification in almost all instances.
[00:49:15] Leopoldt: How we used to implement it is to say for enhanced due diligence measures, so let's say I have a high-risk client, you're performing a bit more due diligence, enhanced due diligence, then we'll operate to say, okay, a wallet ownership verification test. But we are seeing a movement towards pushing that for all clients, and that will bring, bring an economic, I wanna say burden on a lot of VASPs and CASPs as well.
[00:49:43] Leopoldt: but CARF at the end of the day, I think we'll touch on this as well, but it, it, it forms part of your onboarding system and there will be a bigger burden, especially at onboarding
[00:49:55] Umar: And working with these finance teams, let's say what are... of course, it would depend if they're working for an exchange or a fund. I think for a foundation, this would be less applicable, right, on the regulatory side, but what are the most recurring questions that they would, uh, come to Provenance with, let's say at this moment in time?
[00:50:16] Leopoldt: So a lot of times it is like, I wanna say the, the... We are doing, take a step back, we are doing a lot of onboarding for clients as well. So from AML, perspective, doing the KYC, KYB onboarding, the wallet screening, the MLRO roles. So a lot of these, companies would come to us and say, "Guys," and I think there's a gray area.
[00:50:37] Leopoldt: We know CARF is just the fact as here is of, uh, the finance world coming into crypto world because there was no real legislation for that in the crypto space. So the burden is, is becoming bigger on the onboarding team or the onboarding process to collect this certain data required. So the data needs to be collected, stored in a, in a fashion that's actually, according to legislation.
[00:51:06] Leopoldt: And the one big thing that we are experiencing in the onboarding process while we are building out standard operating procedures for clients, their policies and procedures is especially the self-declaration that needs to be signed by the onboarding, applicant. So does that form part of the, let's say, signing of the agreement?
[00:51:28] Leopoldt: Does it form part of the onboarding? Where does that actually sit within? And that's where we see the whole system or the compliance role getting more and more and more, burdens onto them, and this is now falling just onto the compliance team or the compliance function at the end of the day as well.
[00:51:48] Leopoldt: So that is something that we are seeing in this space as well.
[00:51:52] Umar: All right. Now moving on to funds. At Provenance, you provide this comfort letter to fund administrators after you conduct this wallet screening and risk rating of the wallet. So basically the fund admin would have assurance on the investor's risk rating, right? So the first question is: What does a Provenance comfort letter actually attest to?
[00:52:17] Umar: Who would be relying on it? I mean, I mentioned of course the fund admin. Are there other parties relying on this?
[00:52:24] Leopoldt: Great question, Umar, and I love this and I love the, this side of my work, this work as well. It's something we came up with. We mentioned the trifecta effect. So when you have... let's say you have Leopoldt, who wants to invest into a fund.
[00:52:40] Leopoldt: Now the KYC has been completed, so we know traditional KYC onboarding, proof of address, your ID, all of those things- Right ... everything is quite easy.
[00:52:50] Leopoldt: And then on the second side, you'll have your wallet screening. So on your wallet screening side, you screen the wallet for any of the bad exposure, but there's a third element, the wallet ownership verification.
[00:53:03] Leopoldt: How do you know that Leopoldt, who you've KYC'd, actually owns and controls the wallet that you've screened and it's not Vladimir Putin's wallet mauled by Leopoldt into ecosystem? And that's then where the third thing, where we marry the KYC and the KYB to each other with the wallet ownership verification, and then we provide comfort to say, "Leopoldt is who he says he is.
[00:53:29] Leopoldt: The wallet is clean. Leopoldt owns the wallet, and therefore the risk rating then is high, medium, or low," etc. So especially the fund administrators and then also the directors and your AMLCOs will rely on that comfort before they make a decision to actually allow these funds, specifically if there are perhaps some sort of a high risk that you are mitigating at the end of the day.
[00:53:57] Umar: Just a follow-up question on this. How would you verify the ownership of the wallet, for example? Would you require the client to sign, like, a specific message?
[00:54:06] Leopoldt: Yes. So we, we have a couple of... We have automated, version. So with AI and automation, we are automating a lot of those things as well. But either we'll jump on a call with the investor or the, the owner, or we can do it, on automatic versions as well.
[00:54:23] Leopoldt: But in essence, it's asking the wallet owner to do certain actions that only someone with the private keys can actually do. It's almost like if I ask you for your bank, to prove me bank ownership, you put in your card into ATM, you draw 10 rand or $10, I know that you have ownership of that. So it's, it's similar, concepts
[00:54:46] Umar: Okay.
[00:54:46] Umar: So I mean, let's say they have the, you have the, the self-fund transfer. So you tell them, "Please send X amount of money from this wallet address to maybe this other wallet address." Now, let's say they have, like, 100 wallets, and obviously it's, they'll have to incur gas fees, like, on each wallet, and it's maybe a bit, bit more time-consuming, and on the logistics side, it's a bit more complicated to do.
[00:55:13] Umar: Is there... I don't know. Is there a tool used in practice for this or, yeah, how would you go about if that client has, like, 100 wallets?
[00:55:22] Leopoldt: So one of the things, there is something actually, uh, another shout-out to a company called 21 Analytics. So that's also a company that, does a AOPP. So, for s- specific, companies and clients, they provide this service.
[00:55:38] Leopoldt: And then also on, on the other side is a sign message method. So that doesn't cause you gas fees or anything like that, where we ask them to do a certain signature. So that just c- becomes a little bit difficult when you have, let's say, a Bitcoin wallet, that might not support sign message methods. Then it becomes a bit more of a hassle, but then we'll usually go on a due diligence call with the client.
[00:56:01] Leopoldt: It takes them, let's say, 10 to 15 minutes, but we run through all of it in one session. They don't need to click on 50 s- uh, links, do 60 different, actions. We try to make it as easy as possible at the end of the day. But it's also almost thinking about the, the cost that you are implying and the effort.
[00:56:23] Leopoldt: Does it actually have a means to it at the end? So does it actually fit the purpose? If it's... That's why we always just want to push for this en- enhanced due diligence measures, where let's say you have a low-risk client, there's no bad exposure, there's nothing happening, they're transferring $1,000. Does it make sense to, to go through all of this hassle for them as well?
[00:56:49] Leopoldt: And that's something that we are also pushing, putting to the regulators, globally.
[00:56:54] Umar: Perfect. Thanks for sharing. And Leo, going back to that fund admin, you said you do this onchain screening, this... you provide them the, this comfort letter. Would you know then how does that then ultimately plug in into their new investors' subscription process, or at what point does your work, like you hand off this work to now it's in their hands?
[00:57:20] Leopoldt: Great question. We've worked with so many funds to this date that we've come to a point where our process is incorporated into, the sub docs. So once they sign the subscription documents, our process is outlined in, let's say, two or three sentences. They provide the wallet address, so once they sign the subscription documents, we get a notification.
[00:57:43] Leopoldt: We do everything on our hand and simultaneously with KYC, and once we completed, KYC completed, everything gets sent to the fund, and the fund says, "It's fine. Onboarding has been, completed." So it's at onboarding stage specifically.
[00:58:00] Umar: Perfect. Now, there's been a recent, regulatory update regarding funds, in the Cayman Islands that, I know you're not...
[00:58:09] Umar: So, uh, initially I thought you were based in the Cayman Islands, but actually you're in South Africa, but you do regularly go as well to the Cayman Islands. A lot of your clients are based there. So in March of 2026, the Cayman Islands, they passed new amendments clarifying that tokenized funds now fall under the mutual fund and private funds framework rather than the VASP Act.
[00:58:35] Umar: I previously spoke to Petri Basson, who you know very well. He's the Co-founder of Provenance, Founder of Hash Directors as well. Spoke to him on episode 107 if the li- listeners wanna check that out. And he mentioned that the funds industry is much larger than the web3, of course, foundation industry.
[00:58:57] Umar: So I wanna ask you, how did you welcome this reclassification at Provenance? Is it now easier for tokenized funds to set up in the Cayman Islands with, you know, the, the other framework on mutual funds and private funds?
[00:59:11] Leopoldt: 100%, Umar, and, uh, yeah, Petri, what a, what a great guy as well. Also one of the founders like you mentioned.
[00:59:18] Leopoldt: And I think that these amendments are very positive, especially in development of the Cayman Islands. So we work with a lot of funds initially. We work with a lot of VASPs as well. And by bringing eligible tokenized funds under the Mutual Fund Act, or the framework does provide for greater regulatory clarity when recognizing that tokenized funds are here to stay, they are here to come.
[00:59:45] Leopoldt: And that still is the core of the investment fund. So- It also shows that the Cayman Islands is not standing still. They are keeping up with the times. They are continuing to adapt and look at the environment, look at the industry, and what is the best for that, but also the best for the Cayman Islands, and they wanna keep up to pace with that.
[01:00:08] Leopoldt: They wanna showcase, and I mean, they were one of the first movers, in the whole crypto regulated space back in the day. So they are forefront runners. So from our perspective, we welcome the change. We already support clients on operating tokenized funds in the tokenized space through KYC onboarding, KYB onboarding, wallet screenings, transaction monitoring.
[01:00:31] Leopoldt: So the expansion of the tokenized fund into the existing framework allows for us to bring the same compliance capabilities that we've been doing for so long into the broader market. So for us, we welcome it, and we know that the DAO foundation, the web3 space is massive, but the fund industry, it, it's, it's going to blow the roof as well, like we already know it is.
[01:00:55] Umar: Yeah, completely, Leo. Now, I'm looking at the time, just wanna be respectful of your time. We're nearly gonna be hitting what the hour mark and there's probably a last question that I wanna go through, Leo, which is about AI. So we're now, uh, regularly touching AI during every episode, I'm making it a point.
[01:01:14] Umar: So how are you actually using AI in your work at Provenance today? And yeah, where do you see as a whole the compliance function, onchain analytics function growing over the next few years?
[01:01:27] Leopoldt: Hundred percent. I think no conversation is a real conversation without AI and automation. We have it in our company on, I wanna say, almost all of our meetings we speak about this, and we are really encouraging all of our departments, all of our, services to streamline as much as possible by using technology like AI and automation.
[01:01:49] Leopoldt: So we are using AI and automation in a daily aspect, either it being refining reports, building out reports, building out certain process flows for, let's say, transaction monitoring, wallet screening, certain of our, audit department, AML officer reporting. I mean, a lot of our work relies and depends on reporting as well.
[01:02:10] Leopoldt: So if you can build out a system that thinks like you think, that does what you do, and you can review that at the end of the day, make, changes to it, I mean, it's, it's going to grow the industry, it's going to grow your pace. But there's always a but in this as well, is someone needs to stay accountable for that.
[01:02:30] Leopoldt: So going into the future, yes, we are using automation, we are using AI, agentic AI, and all of that in our day-to-day business because we need to keep up with the times. But when, I wanna say, when something happens, someone still needs to take ownership of that. There still needs to be a human behind making decisions and all of that, that can be accountable when the time comes.
[01:02:56] Leopoldt: So yeah, we are lo- looking at automation, AI in order to, through the lens of building out our processes and also identifying the best tools out there to use in this day and age. So very relevant, and we need to keep up with the times as well.
[01:03:14] Umar: So if one of those functions we went through earlier, like, wallet attribution, risk scoring, where's AI being used mostly right now, let's say for a co- at a company like yours?
[01:03:26] Leopoldt: So for us, it's especially when you see, certain high risks like, let's say, sanctions. In order to understand without having your, analyst going into everything, reading, going through it, is to make a, a quick decision by looking at the attribution, let's say the sanctions involvement, the timing thereof, their percentage exposure, and then all of the transactions and transaction flows, spitting out, "Listen, this is actually something that the analyst needs to review," or is this something that you can, I wanna say, bypass to a certain extent?
[01:04:03] Leopoldt: The same goes for our KYC, KYB onboarding, where we use AI to say, "If all of these things check out, Leopoldt is who he says he is, ID has been verified, his personal face has been verified," then automatically it can be pushed through as well. So it's in order to simplify that, but not taking over the, "Listen yes or no" at the end of the day.
[01:04:27] Umar: Perfect. Now, Leo, the title of the episode today was Onchain Analytics for Compliance. Has there been anything that we didn't go through that you'd like to share with the listeners? Or maybe how would you s- how would you just summarize this episode for the listeners?
[01:04:44] Leopoldt: I would say, I've been in a lot of conversations.
[01:04:47] Leopoldt: I've been in compliance for more than a decade now, and compliance, I want especially the finance team, your, your, your finance professionals and auditors and, and all of those out there to think about compliance not as the ankle-tapping side of the business, we ankle tap everything, but to look at it as the function that safeguards not just the reputation, but also headaches like sanctions and frozen funds and all of those.
[01:05:17] Leopoldt: So I want the perspective to change from we are always saying no, we are always bringing bad news and all of that, to a function of we can really assist you guys with your headache. We can be the, I wanna say, the morphine to the, to the headache, for the guys out there. So, and someone needs to do it, and we love doing it out there.
[01:05:38] Leopoldt: It's
[01:05:39] Umar: a good way to put it. There's a last question that I like to ask to my guests before they leave, Leo, is, uh, do you have a favorite quote or let's say like a maxim that you live by or you regularly repeat to yourself, let's say?
[01:05:54] Leopoldt: Oof. one thing I, like, I grew up on a farm. I'm very fortunate with an amazing dad as well, and he always taught me, "If you sleep late when you're young, you need to get up early when you're old."
[01:06:08] Leopoldt: So it's always that thing to catch the first light, to be on your best, to, yeah, I, I, we don't believe in clock watching, we believe in getting the job done, not just in, in compliance, but in my private life, my professional life, my family life. So it's that thing to grasp the day, make the best out of it, and then at the end of the day, integrity above all.
[01:06:30] Leopoldt: I'm just one of those guys, I'd rather get something in a, in the right way than gaining something in the wrong way, because you work a lifetime at your reputation, your name, and you, with one bad decision, you can erase that. So for me, it's living in, in line with that.
[01:06:49] Umar: And lastly, before we wrap up, Leo, if people want to reach out to you, what's the best place to do so?
[01:06:55] Umar: Of course, I share the website of Provenance in the show notes, which for the listeners is provenancecompliance.com, right? And, uh, maybe are you active on LinkedIn or what's the best place for people to reach out to you if they wanna connect?
[01:07:11] Leopoldt: 100%. First of all, if you are on Accountant Quits, the tool, the app, I'm over there with, with everyone else, with Umar and the guys.
[01:07:19] Leopoldt: Secondly, LinkedIn is always a great professional way. Yeah, you can see my a- my profile is active, so it is me at the end of the day. It's not a, not a AI agent. And then, email as well, like, uh, leopoldt@provenancecompliance.com. Happy to receive any of those.
[01:07:35] Umar: Perfect. Well, thanks a lot for your time today, Leo.
[01:07:37] Umar: It was great, and I'm looking forward to stay in touch.
[01:07:41] Leopoldt: Thank you very much, Umar, and everyone out there. Love the show. Love what you guys are doing.
