Crypto Compliance Framework
Handbook

Canonical entries are intentionally scope-bounded. This site is not legal advice and does not assert regulatory compliance.

Governance

The framework is designed for deterministic, auditable publishing in regulated banking environments in the EU/UK.

Ownership model

  • Agent pipeline may draft and update entries as working artifacts.
  • Only human reviewers can move an entry to published status.
  • Published changes require pull request review and explicit approval.

Review cadence

  • Signals are monitored continuously by scheduled pipeline runs.
  • Published entries carry a lastReviewed date.
  • Review timing is risk-proportionate and governed by human change control.

Publish criteria

  • Mandatory frontmatter and required section order must pass validation.
  • Published entries must define entryIntent, jurisdictions, regimes, referencePolicy, agentUsage, and citationVerified: true.
  • Published entries must include 2 to 3 related concepts.
  • Published entries must include 2 to 5 sources, including at least 2 primary sources.
  • Entries using high-inference risk classes (including aggregation_risk) must define at least two prohibited inferences.

Authority tiering

Authority tier is derived automatically from cited primary instruments and cannot be manually set.

Changelog policy

  • Content and machine-interface changes are versioned in Git history.
  • The machine interface includes change-log.json as a best-effort summary.
  • Each published entry exposes deterministic hashes and provenance metadata.

Non-claims

This framework does not provide legal advice, does not interpret legal obligations, and does not claim that any entry or process guarantees regulatory compliance.