Oris is infrastructure. It produces cryptographic compliance proof. The developer remains the legal customer of record on every payment rail and remains responsible for their own regulatory obligations.
This page maps Oris primitives to specific framework requirements. It is not legal advice.
FinCEN Bank Secrecy Act (US)
| Requirement | Where Oris helps |
|---|
| Customer Identification Program | KYA ladder L0 -> L4 with attested evidence |
| Suspicious Activity Reports | SAR auto-flag at $10k + risk tier + sanctions hit |
| Currency Transaction Reports | Audit log captures every transaction with USD value |
| Record retention (5 years) | Seven-year retention (exceeds BSA minimum) |
| OFAC SDN screening | Sanctions feed live, blocked tier hard stops |
EU AMLD (Anti-Money Laundering Directive)
| Requirement | Where Oris helps |
|---|
| Customer Due Diligence | L1 KYB attestation + L2 user delegation |
| Enhanced Due Diligence | L4 institutional review + sealed envelope |
| Sanctions screening (EU restrictive measures) | EU Sanctions Map feed live |
| Beneficial ownership | KYB attestation carries beneficial ownership record |
| Record keeping (7 years) | Seven-year retention matches |
EU MiCA (Markets in Crypto-Assets)
| Requirement | Where Oris helps |
|---|
| Service provider authorization | Oris is infrastructure, the developer holds the license |
| Custody segregation | BYOK keeps custody with the developer’s provider |
| Transaction transparency | Compliance bundle anchored on chain |
| Consumer protection records | Audit trail with seven-year retention |
EU AI Act
| Requirement | Where Oris helps |
|---|
| High-risk AI identification | Agent registration with documented purpose |
| Logging and traceability | Audit trail of every agent action |
| Human oversight | Escalation thresholds route to human approval |
| Drift monitoring | Behavioral baseline + drift score, auto-demote |
OCC guidance (US national banks)
| Requirement | Where Oris helps |
|---|
| Third-party risk management | Oris is non-custodial, no money-transmitter scope |
| Transaction monitoring | Compliance screening on every transaction |
| Audit and exam readiness | Verifiable audit trail with on-chain anchor |
What the developer still owes
- A money-transmitter license where required by jurisdiction.
- A registered KYB / KYC program for their own customers.
- AML program compliance (training, monitoring, reporting).
- A relationship with a custody provider for actual fund movement.
- Filing SARs and CTRs when triggered.
Oris reduces the operational burden by producing the evidence. The legal responsibility stays with the developer.
Where to go next
