Ask any MLRO at a bank that onboards crypto founders why files fail, and the answer is the same: source of funds and source of wealth. Not capital adequacy, not licensing, not even sanctions exposure. The file gets rejected because the founder cannot answer, with documents, the question: where did this crypto actually come from, and can you prove it?

A sentence like "I mined 5,000 BTC in 2013" is not a source-of-funds answer. It is a claim. What banks need is a chain-of-custody narrative supported by five evidence layers that collectively rule out money laundering, sanctions evasion, tax evasion, and unlicensed VASP activity. A claim with no documents is a red flag. A claim with five layers of corroboration is a file the bank can defend to its own regulator.

This guide is the Five-Layer SOF Dossier — the structure Finconduit uses when we assemble banker-ready packs for crypto founders. Five layers, in order: Origin Event, Chain-of-Custody, Off-Chain Corroboration, Sanctions & Counterparty Hygiene, and Narrative Cover Memo. Skip any layer and the file looks evasive. Hit all five and you give the bank what it needs to say yes.

Why SOF/SOW Is the #1 Reason Crypto Founder Accounts Get Rejected

Under the EU's AML Regulation (Regulation (EU) 2024/1624)[1], banks must apply enhanced due diligence to any customer with material crypto exposure. The threshold for EDD includes establishing the source of the funds and the source of the customer's wealth — and the standard is not the customer's word. It is documentary evidence the bank can present to its supervisor.

The FCA's Financial Crime Guide[2] is explicit: firms must corroborate SOF and SOW with documents that are reliable, independent, and verifiable. For crypto founders this is structurally harder than for traditional wealth, because the dominant proof — the blockchain — needs to be married to off-chain identity. A wallet address is not a person.

The result is a systemic asymmetry: a property developer with a single mortgage redemption statement passes SOW in ten minutes; a founder with €8M in self-custodied BTC accumulated over a decade is treated as highest risk by default. The dossier exists to flip that default.

In our experience assembling files for crypto founders, well over 70% of bank rejections that get written up internally as "appetite mismatch" are really SOF/SOW failures the bank could not defend in committee. The good news: that is a fixable problem.

The Five-Layer Dossier — Overview

Picture the dossier as a stack. The bottom layer is the Origin Event — the moment value entered the founder's control. On top of that sits the Chain-of-Custody — every hop from origin to today's wallet. Wrapping both is Off-Chain Corroboration: tax filings, KYC exports, employment records, audited accounts. On top of that, Sanctions and Counterparty Hygiene — analytics reports that prove no exposure to sanctioned addresses, mixers, or darknet markets. Finally, the Narrative Cover Memo — a founder-written declaration that walks the reviewer through the four evidence layers in chronological order, citing each document by exhibit number.

Each layer answers a specific question the MLRO has to be able to answer in committee: where did it start, where has it lived, who else says so, who has touched it, and what is the story. Miss one and the file has a hole. Hit all five and the file becomes a defensible internal record.

  • Layer 1 — Origin Event: the founding transaction. Mining, ICO, employment income, capital raise, pre-seed token grant, OTC purchase.

  • Layer 2 — Chain-of-Custody: wallet-to-wallet provenance, exchange flows, hardware-wallet attestation, cold-storage timeline.

  • Layer 3 — Off-Chain Corroboration: tax filings, capital-gains declarations, exchange KYC records, invoices, audited financials.

  • Layer 4 — Sanctions & Counterparty Hygiene: Chainalysis, Elliptic, or TRM Labs screening reports; exposure scoring; mixer and sanctioned-entity proximity.

  • Layer 5 — Narrative Cover Memo: 2–4 page founder declaration tying layers 1–4 into a chronological story, with each claim cited to an exhibit.

Layer 1: The Origin Event

The Origin Event is the moment crypto first entered the founder's economic life. It is the anchor of the whole dossier — every later transaction is a derivative of this event, and if the origin is weak, no amount of downstream documentation will save the file.

Five canonical origin events show up repeatedly. Each has its own evidentiary signature, and the dossier should identify which one applies before any documents are gathered.

Mining — the hardest origin to prove

For a mining origin, the file needs: rig purchase invoices (with serial numbers), electricity bills from the relevant period, pool-payout history exported from the mining pool, and the coinbase transaction hashes that paid into the founder's first wallet. If the founder mined solo in 2010–2013, electricity bills from a decade ago are usually unavailable — substitute with a sworn statement plus any landlord/utility correspondence that can place the founder at the mining location during the period.

ICO or token sale participation

For ICO participation, the dossier needs: the SAFT or token purchase agreement, the bank wire or BTC/ETH transfer used to fund the participation, the receiving address declared by the issuer, and ideally an issuer-side confirmation of the allocation. Whitepaper screenshots are not evidence.

Employment income at a crypto company

For crypto-denominated salary or token grants, the dossier needs: the employment contract, vesting schedules, monthly payslips or payment records, and the corresponding tax declarations. If the employer was itself a regulated entity, an employer letter referencing the regulator's licence number adds substantial weight.

Pre-seed or seed capital raise

For founder equity that converted into crypto holdings, the dossier needs: the SAFE or SAFT documents, the cap table at issue, the wire transfers from the investors, and corporate resolutions authorising the raise. If investors were themselves regulated funds, copies of their LP agreements (redacted) or fund prospectus add credibility.

OTC or exchange purchase from declared income

The simplest origin: founder used post-tax salary or business profit to buy crypto on a KYC'd exchange. Evidence: payslips or audited accounts showing the source income, bank statements showing the fiat transfer to the exchange, exchange trade history, withdrawal transaction hashes. This is the cleanest origin and the one banks accept fastest.

Layer 2: Chain-of-Custody

The chain-of-custody layer connects the origin event to today's holdings. The bank wants to see that the same value moved through identifiable wallets without unexplained gaps, mixer hops, or interactions with sanctioned addresses.

The minimum chain-of-custody artefact set is: a wallet inventory (every address the founder has controlled, dated), a transaction graph showing the flow from origin wallets to current holdings, exchange-flow exports from every venue used, and hardware-wallet attestations for any self-custody periods.

On-chain attestation via analytics vendors

The most powerful chain-of-custody artefact is a third-party attestation from a recognised analytics vendor. Chainalysis Reactor, Elliptic Investigator, and TRM Forensics all produce structured reports that banks recognise. The report should trace from origin wallet to current wallet, flag any high-risk hops, and classify counterparties.

The cold-wallet gap problem

Founders who held coins in cold storage for years without any on-chain activity create a documentation gap banks find uncomfortable. Resolve it with: hardware-wallet device attestation (serial number, purchase invoice, firmware version), a notarised statement affirming continuous control, and a signed message from the address proving present-day control. The combination converts "the chain went quiet" into a defensible silence.

Layer 3: Off-Chain Corroboration

On-chain proof shows what addresses did. Off-chain proof shows who the addresses belong to and that the value was lawfully acquired and properly taxed. The EBA's CDD Guidelines (EBA/GL/2023/03)[3] make clear that crypto exposure does not relieve a credit institution of the obligation to collect conventional documentary proof of source.

The core off-chain corpus, in priority order:

  • Tax filings — personal income tax returns covering every year of material crypto activity, with capital-gains schedules.

  • Exchange KYC records — KYC-completion letters, account-opening confirmations, and full trade exports from every exchange the founder has used.

  • Employment records — employer letters, payslips, P60/W-2 equivalents, tax withholding certificates.

  • Audited financials — for any operating company the founder controlled, audited accounts covering the period in which crypto was distributed as compensation or dividend.

  • Contractor invoices — for crypto received as fees, signed invoices with counterparty details and matching on-chain payments.

  • Capital-raise documents — SAFE/SAFT agreements, board resolutions, subscription confirmations, escrow release letters.

The structural test for off-chain corroboration is cross-referenceability: every material on-chain event should have at least one off-chain document that names the same date, amount, and counterparty. Banks check for this. A timeline where the on-chain receipts predate the off-chain corroboration is a red flag worth a rejection.
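
The cross-reference test can be run mechanically over the exhibit index before the pack goes to the bank. The sketch below is an added example, not Finconduit's tooling: the record fields, status names, and sample data are assumptions constructed for illustration, and it treats an exhibit that names a later date than the chain shows as the mismatched-timeline case.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class ChainEvent:
    txid: str            # transaction hash (placeholders below)
    when: date           # block date of the transfer
    amount: Decimal      # asset units moved
    counterparty: str    # attribution taken from the analytics report


@dataclass(frozen=True)
class Exhibit:
    ref: str             # exhibit number from the index, e.g. "C2"
    when: date           # date the document itself names
    amount: Decimal
    counterparty: str


def cross_reference(events, exhibits):
    """Classify every on-chain event against the exhibit index.

    corroborated              an exhibit names the same date, amount, counterparty
    onchain_predates_exhibit  amount and counterparty match, but the exhibit
                              names a later date than the chain shows
    uncorroborated            no exhibit qualifies under either rule
    """
    report = {}
    for ev in events:
        candidates = [
            x for x in exhibits
            if x.amount == ev.amount
            and x.counterparty.casefold() == ev.counterparty.casefold()
        ]
        exact = sorted(x.ref for x in candidates if x.when == ev.when)
        later = sorted(x.ref for x in candidates if x.when > ev.when)
        if exact:
            report[ev.txid] = ("corroborated", exact)
        elif later:
            report[ev.txid] = ("onchain_predates_exhibit", later)
        else:
            report[ev.txid] = ("uncorroborated", [])
    return report


def open_items(report):
    """Transaction ids the memo still has to explain, in input order."""
    return [tx for tx, (status, _) in report.items() if status != "corroborated"]


# Constructed sample data: hashes, names and amounts are placeholders.
EVENTS = [
    ChainEvent("tx-0001", date(2019, 3, 4), Decimal("2.5"), "Exchange A"),
    ChainEvent("tx-0002", date(2020, 7, 1), Decimal("10"), "Client B Ltd"),
    ChainEvent("tx-0003", date(2021, 1, 15), Decimal("0.75"), "Unknown"),
]
EXHIBITS = [
    Exhibit("B1", date(2019, 3, 4), Decimal("2.5"), "exchange a"),
    Exhibit("C2", date(2020, 9, 30), Decimal("10"), "Client B Ltd"),
]

if __name__ == "__main__":
    for txid, (status, refs) in cross_reference(EVENTS, EXHIBITS).items():
        print(txid, status, ", ".join(refs) or "-")
```

Every transaction returned by `open_items` needs either a stronger exhibit or an explicit paragraph in the cover memo.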

Layer 4: Sanctions and Counterparty Hygiene

Sanctions screening on a crypto founder is structurally different from screening on a fiat customer. Beyond name-screening, the bank wants to see address-level exposure analysis — every wallet the founder has touched, scored against sanctioned and high-risk address lists. The FATF's Updated Guidance for a Risk-Based Approach to Virtual Assets[4] sets the global expectation: VASPs and their banking counterparties must conduct on-chain analytics, not just sanctions list screening.

The three vendors banks recognise out of the box are Chainalysis, Elliptic, and TRM Labs. The dossier should include at least one full report. The report must cover: sanctioned-entity proximity, mixer and tumbler exposure, darknet market interaction, high-risk jurisdiction exposure, and an aggregate risk score for each address.

What to do when the report shows non-zero exposure

A clean report is rare. Almost every founder with multi-year crypto activity will have some non-zero exposure — a counterparty turned out to be a sanctioned exchange, an early gambling site interaction, a swap through a privacy-preserving protocol. The dossier should address each flagged hop explicitly in the narrative memo: when, how much, what was known at the time, and what the founder did after.

Concealment is fatal. A bank that finds exposure the founder failed to disclose is a bank that closes the file and reports the customer internally. Disclosure with context is survivable; concealment is not.

Layer 5: The Narrative Cover Memo

The cover memo is a 2–4 page founder-written declaration that walks the MLRO through the chronological story of how the founder came to control today's crypto holdings. It cites each of the underlying exhibits by number and ties them into a single coherent narrative.

The memo is not optional. Without it, the reviewer has to construct the story themselves from raw exhibits — and they will not. A pack of documents without a memo gets returned with "please clarify the source of funds" almost every time.

Memo structure that works

  • Section 1 — Executive summary: one paragraph stating today's holdings, the origin event, and the headline corroboration.

  • Section 2 — Origin chronology: dated walk-through of the origin event with exhibit cites (Ex. A1, A2…).

  • Section 3 — Custody timeline: wallet inventory, custody changes, exchanges used, cold-storage periods (Ex. B1–B9).

  • Section 4 — Tax and reporting position: jurisdictions filed in, capital gains disclosed, residency moves (Ex. C1–C6).

  • Section 5 — Sanctions and counterparty discussion: addresses each flagged item in the analytics report by hash (Ex. D1).

  • Section 6 — Declaration and signature: dated, signed, and where the jurisdiction supports it, notarised.

Write the memo in the founder's voice but with a banker's vocabulary. Avoid hype, avoid ideology, avoid speculation. The MLRO is reading for facts, dates, amounts, and exhibits — give them that and nothing else.

SOF vs SOW — The Definitional Split

Banks routinely conflate the two terms, but they are technically distinct and the dossier needs to satisfy both.

Source of Funds vs Source of Wealth — definitional and evidentiary split.

| Dimension | Source of Funds (SOF) | Source of Wealth (SOW) |
|---|---|---|
| Question answered | Where did the specific funds being deposited come from? | How did the customer accumulate their total wealth over time? |
| Time horizon | Immediate — last 1–3 transactions | Lifetime / multi-year |
| Evidence required | Transaction-level: exchange withdrawals, wire receipts, sale invoices | Cumulative: tax returns, audited accounts, capital-raise docs, employment history |
| Refresh cadence | Per material deposit | Annual / on trigger event |
| Who reviews | Onboarding / transaction monitoring | MLRO / EDD committee |
| Failure mode | Mismatched amount or counterparty | Wealth claim not corroborated by tax / income history |

Acceptable vs Insufficient Evidence by Layer

The pattern of failures is consistent across banks. The fix in every case is the same: a stronger document, properly cited.

Acceptable vs insufficient evidence by dossier layer, with remediation paths.

| Layer | Acceptable evidence | Common gap | How to remediate |
|---|---|---|---|
| Layer 1 — Origin Event | Mining rig invoices + pool payouts + coinbase tx hashes; or SAFT + wire + issuer allocation letter | Founder asserts mining but cannot produce rig invoices or electricity bills | Notarised statement + landlord/utility correspondence placing founder at site |
| Layer 2 — Chain-of-Custody | Wallet inventory + analytics report tracing origin to current address | Multi-year cold-storage gap with no on-chain activity | Hardware-wallet attestation + signed message + notarised continuous-control statement |
| Layer 3 — Off-Chain Corroboration | Filed tax returns with capital-gains schedule; KYC'd exchange records | Material crypto activity not declared in any tax filing | Voluntary disclosure to revenue authority before file goes to the bank |
| Layer 4 — Sanctions & Hygiene | Chainalysis / Elliptic / TRM report with addressed exposure | Mixer hop present, not addressed | Memo paragraph explaining date, amount, regulatory environment at the time, and post-event behaviour |
| Layer 5 — Narrative Memo | 2–4 page chronological narrative with exhibit cites | No memo; just a folder of PDFs | Founder-written memo, ideally reviewed by counsel before submission |

The Five Failure Modes

Across hundreds of files, the same five failure modes account for the overwhelming majority of SOF/SOW rejections. Knowing them in advance is the cheapest form of compliance.

1. Over-redaction

Founders redact counterparty names, wallet addresses, or amounts for confidentiality. The bank reads redactions as concealment. Leave redactions for genuinely irrelevant fields (other parties' personal data) and explain every redaction in the memo.

2. Mismatched timelines

On-chain activity that predates the off-chain documentation creates the appearance of retro-fitted justification. Every claim in the memo should match the dated documents in the exhibits.

3. Mixer exposure not addressed

Any analytics report disclosing mixer activity that the memo fails to discuss is a dead file. Address it head-on with date, amount, and rationale.

4. No chain-of-custody for cold-wallet periods

Years of on-chain silence read as a chain-of-custody break unless explicitly resolved with device attestations and signed messages.

5. Narrative contradicts on-chain data

A memo that says "funds were held in cold storage from 2018–2022" while the chain shows three exchange withdrawals in that window is a credibility-destroying contradiction. Write the memo against the chain, not against memory.

The 10-Working-Day Assembly Sprint

A complete five-layer dossier can be assembled in 10 working days if the founder is responsive and the underlying records exist. The sprint structure below maps to the JMLSG Guidance Parts I & II[5] standards that UK banks apply by default.

Days 1–2: Scoping interview

Identify the origin event, every jurisdiction of tax residency, every wallet ever controlled, every exchange ever used. Output: a one-page chronology.

Days 3–5: Document gathering

Pull tax returns, exchange KYC packs, contracts, invoices, board minutes, audited accounts. Anything missing is logged as a known gap to be addressed by sworn statement.

Days 4–6: On-chain analytics

Commission a Chainalysis, Elliptic, or TRM report covering every founder-controlled address. Review for sanctioned and mixer exposure before the bank sees it.

Days 7–8: Exhibit indexing

Number every document (A1, A2, B1…), build an exhibit index, redact only third-party PII, and Bates-stamp the pack.

Days 9–10: Narrative memo + counsel review

Draft the cover memo, cite every claim to an exhibit, run it past counsel, sign and notarise where required. The pack is now banker-ready.

Banks rarely tell founders that the file failed on SOF/SOW. The rejection letter says "appetite" or "strategic fit." Read every rejection as a SOF/SOW failure first and only then explore other hypotheses.

How the EU Framework Drives the Standard

The 6AMLD (Directive (EU) 2018/1673)[6] expanded predicate offences for money laundering to 22 categories — including tax crimes — and introduced criminal liability for legal persons. For a bank, this means accepting a deposit whose origin includes an undeclared crypto disposal is not merely a regulatory failure — it is potentially a predicate offence the bank's officers can be charged for.

That criminal-liability overhang is why tax filings have become the single most demanded document in modern SOF/SOW packs. Banks no longer treat undeclared crypto as the customer's problem — they treat it as their problem. If the dossier cannot show that material gains were declared, the file does not progress.

FAQ

What counts as proof of source of funds for crypto?

Acceptable proof combines on-chain evidence with off-chain documents. The on-chain side is wallet history, exchange withdrawals, and an analytics report tracing the funds back to a verified origin. The off-chain side is tax filings, exchange KYC records, employer letters, capital-raise documents, or audited accounts that name the same dates and amounts as the on-chain record. A bank wants both — neither alone is enough.

Do banks accept on-chain proof for source of wealth?

On-chain proof is necessary but not sufficient for SOW. SOW asks how the customer accumulated their total wealth over time, and the answer must be grounded in conventional evidence — tax returns, employment income, capital raises, business profits — corroborated by the chain rather than replaced by it. A wallet inventory alone is treated as identity proof, not wealth proof.

How far back must source of funds evidence go?

For source of funds, evidence usually needs to cover the last 1–3 material transactions feeding the deposit. For source of wealth, the dossier must trace back to the origin event — which for a long-term holder can mean 10+ years of intermittent documentation. Banks accept dated gaps if they are explained and bridged by sworn statements or device attestations.

Can I use a Chainalysis report as source-of-funds evidence?

A Chainalysis, Elliptic, or TRM Labs report is a near-mandatory component of Layer 4 (Sanctions & Counterparty Hygiene) and a strong supporting artefact for Layer 2 (Chain-of-Custody). It is not a substitute for the origin event proof or the off-chain corroboration layer. Banks read it as third-party attestation that the addresses are clean — not as evidence that the customer earned them lawfully.

Does the bank keep the dossier on file forever?

Yes. Under EU and UK AML rules, banks retain CDD records — including SOF/SOW dossiers — for a minimum of five years after the end of the customer relationship, and longer if the file is referenced in a SAR. Founders should keep their own copies indefinitely, since the same dossier will be requested by every subsequent bank, custodian, and prime broker.


The five-layer dossier is not a compliance hurdle to clear once. It is the permanent record that every future banking, custody, and prime-brokerage relationship will be built on. Founders who build it once — properly, with exhibit indexing and counsel review — find that subsequent onboardings shrink from months to weeks. Founders who patch together fresh evidence at every application stay in the perpetual onboarding loop. Build the dossier early, maintain it as transactions accumulate, and the bank's answer changes from "appetite mismatch" to "welcome to the bank."

Footnotes & Citations

  1. Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR), OJ L, 19.6.2024.

  2. FCA Financial Crime Guide (FCG), Chapter 3 — Customer Due Diligence, including guidance on Source of Funds and Source of Wealth checks.

  3. EBA Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (EBA/GL/2023/03).

  4. FATF, Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (October 2021).

  5. JMLSG (Joint Money Laundering Steering Group), Guidance Parts I & II — current edition, including chapters on source of funds and source of wealth corroboration.

  6. Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law (6AMLD), OJ L 284, 12.11.2018.
