SaaS
AI/ML
Platform Design
CISO AI-Powered Address Risk Profile
Empowering investigators and compliance teams with faster and more accurate decisions through AI risk scoring.
Year: 2019-2020
Role: 0→1 Product Strategy, End-to-End UX, UI Craft

At a Glance
CISO’s AI-Powered Address Risk Profile helps investigators and compliance teams spot risky addresses quickly. It combines AI risk scoring, clear explanations, and suspicious activity evidence in one place, turning hours of manual checks into minutes.
I led the effort to build CISO from the ground up, a cloud-based risk, compliance, and investigation platform powered by an AI wallet risk scoring engine. This case study focuses on the earliest stage, when we built the Address Risk Profile alongside an API for large-scale address screening. Together, these became the foundation of the platform before it expanded into investigation tools.
Impact
10x customer growth after launch
95% faster reviews and reporting
Problem
Crypto compliance teams had no reliable way to assess wallet risk: manual checks were slow, inconsistent, and blocked early adoption by crypto trading firms and exchanges.
Solution
An AI-powered Address Risk Profile and API delivered fast, explainable wallet screening at scale, with suspicious activity evidence included to support compliance reporting and streamline workflows.
Context
In 2019, crypto firms were under pressure to meet compliance requirements, but wallet addresses were anonymous and difficult to evaluate. Exchanges often had no way to know who was on the other side of a transfer.
At the time, all we had was an internal dashboard monitoring blockchain transaction data. It wasn’t built for compliance, and clients said it took hours to review a single address. This gap made it clear we needed to design the full compliance workflow, from the first alert to reporting.

The product at the time was more of a data viewer than a compliance solution
Discovery
How Compliance Really Worked
Our early clients were crypto trading firms moving funds across exchanges and multiple sources. Large transfers often froze operations while teams manually checked wallet risk through dashboards and intel sources, sometimes taking days and creating real friction for customers.
With larger exchanges, I saw the same challenge from another angle: without fast wallet screening up front, compliance teams couldn’t move quickly. A clear risk score was the missing first step toward a proper compliance workflow.

Core Problems
No Context on Wallets
Most blockchain addresses were unlabeled. Outside of sanctioned lists, teams had no way to know if a wallet was safe or risky.
Confusing Transaction Logs
Bitcoin transfers often had many inputs and outputs. Raw logs made it hard to trace flows or explain why they were suspicious.
Gaps in the Workflow
Our dashboard showed data, but not the way compliance teams worked. Analysts had to juggle spreadsheets and explorers just to finish one case.
The Solution
CISO Address Risk Profile
The CISO Address Risk Profile was built as the foundation of the compliance platform. This was the first release that turned a raw data viewer into a compliance solution and opened the door to adoption by trading firms, exchanges, and financial institutions. It gave analysts a single page to see wallet risk scores tied to real-world entities, review suspicious activity evidence, trace flows in the transaction graph, and download risk reports for compliance.
+ API Integration for Scale
Alongside the platform, we paired the product with an API that allows batch screening of addresses. This made it easy for clients to integrate risk checks directly into their own monitoring tools. For teams that preferred a visual interface, we also designed a dashboard to track and manage queries in real time.

Approach
1. Reframe the Platform Around Compliance Workflows
I reframed the product from a data dashboard into a compliance platform, starting with the risk score as the foundation. Since we couldn’t build everything at once, I prioritized wallet screening and suspicious activity evidence as the first scalable features. These replaced the old dashboard and set the structure

2. Map Compliance Review Steps
I observed analysts during SAR (Suspicious Activity Report) reviews to understand how they judged risk, then worked with data scientists to translate those manual checks into measurable signals: behavioral activity, attributes/intel, and hacking/news exposure. Together with engineers, we combined them into a calibrated risk matrix that became the foundation of the AI-powered risk score.


Early diagram turning review steps into a three-signal risk score model
✅ Outcome
Manual checks collapsed into a single explainable score with evidence, cutting review time from hours to minutes.
3. Make Scores Explainable
The first score was just a flag with no context. Through client testing and iteration, I evolved it into a clear summary: a radar chart of the three signals paired with plain text explanations (e.g. “30% tied to bad actors”). This struck the balance between transparency for users and feasibility for engineering.


Iterations on the risk score to add evidence and make risky addresses clearer.
✅ Outcome
Analysts could see why a score was high, improving trust and adoption.
4. Provide Suspicious Activity Evidence for Reporting
Early versions grouped suspicious activity on a timeline, but teams lacked an overview of total funds involved. Through iteration, I redesigned it into an aggregated evidence chart with drill-downs. The trade-off was backend limits: we couldn’t update continuously, so the engineering team optimized by batching updates daily. This kept the system efficient while still giving analysts faster pattern recognition and easier reporting.
❌ Option A: Expandable Timeline
Pros
Lightweight on engineering, easier to support
Shows frequency of suspicious activity over time
Allows analysts to expand specific batches for details
Cons
Only gives a basic overview upfront
Must click into each batch to see transaction breakdowns
Slower for spotting overall patterns
✅ Option B: Aggregated Analytics Chart
Pros
Comprehensive overview at a glance
Faster pattern recognition and easier reporting
Reduces manual clicking to piece together details
Cons
Heavier engineering effort to implement
Required backend optimization (solved with daily batch updates)

✅ Outcome
Compliance teams got faster pattern recognition and clearer evidence for SAR reporting without overwhelming the backend.
5. Build the Investigation Graph
With the risk score established, the next objective was to help analysts understand how funds moved. I collaborated with engineers to design a transaction graph that replaced endless scrolling through raw logs, allowing analysts to expand nodes, trace flows, and connect to labeled entities. Through workshops and iterations, we added filters and incremental loading to handle large datasets within backend limits.

From raw BTC logs to graph concept.

Final transaction graph after multiple iterations.
✅ Outcome
Investigations that once took hours in spreadsheets and explorers could now be completed in minutes, with patterns and suspicious flows visible at a glance.
The Impact
10x Buyer Growth After The Launch
This was the first product our company brought to market, and it opened the door with exchanges, financial institutions, and even government investigators. The BEI API and platform together became the entry point that closed deals and built trust with clients. Over time, as larger exchanges built their own screening tools, our product shifted toward investigation.
Reflections
If I had more time at the start, I would have invested in deeper research into the full compliance workflow. Later we learned that larger exchanges already had strong internal monitoring systems, and what they really needed from us was our API and the investigation platform. That insight shaped how CISO grew: the address risk profile became the foundation, and over time the transaction graph and investigation tools turned into the core of the product.