---
title: "Source-of-Funds and Source-of-Wealth: The Five-Layer Dossier for Crypto Founders"
slug: source-of-funds-source-of-wealth-crypto-dossier
publishedAt: 2026-05-24T10:30:00Z
author: Finconduit Editorial Team
tags: AMLR, 6AMLD, FATF, AML/KYC
canonicalUrl: https://finconduit.com/resources/source-of-funds-source-of-wealth-crypto-dossier
---
# Source-of-Funds and Source-of-Wealth: The Five-Layer Dossier for Crypto Founders

Banks reject more crypto-founder accounts on SOF/SOW gaps than any other dimension. The five-layer dossier that closes the file.

Ask any **MLRO** at a bank that onboards crypto founders why files fail, and the answer is the same: **source of funds** and **source of wealth**. Not capital adequacy, not licensing, not even sanctions exposure. The file gets rejected because the founder cannot answer, with documents, the question: *where did this crypto actually come from, and can you prove it?*

A sentence like *"I mined 5,000 BTC in 2013"* is not a source\-of\-funds answer. It is a **claim**. What banks need is a **chain\-of\-custody narrative** supported by five evidence layers that collectively rule out **money laundering, sanctions evasion, tax evasion, and unlicensed VASP activity**. A claim with no documents is a red flag. A claim with five layers of corroboration is a file the bank can defend to its own regulator.

This guide is the **Five\-Layer SOF Dossier** — the structure Finconduit uses when we assemble banker\-ready packs for crypto founders. Five layers, in order: **Origin Event**, **Chain\-of\-Custody**, **Off\-Chain Corroboration**, **Sanctions & Counterparty Hygiene**, and **Narrative Cover Memo**. Skip any layer and the file looks evasive. Hit all five and you give the bank what it needs to say yes.

## Why SOF/SOW Is the \#1 Reason Crypto Founder Accounts Get Rejected

Under the EU's [AML Regulation \(Regulation \(EU\) 2024/1624\)](https://eur-lex.europa.eu/eli/reg/2024/1624/oj)[^1], banks must apply **enhanced due diligence** to any customer with material crypto exposure. The threshold for **EDD** includes establishing the **source of the funds and the source of the customer's wealth** — and the standard is not the customer's word. It is documentary evidence the bank can present to its supervisor.

The [FCA's Financial Crime Guide](https://www.handbook.fca.org.uk/handbook/FCG/3/)[^2] is explicit: firms must **corroborate** SOF and SOW with documents that are **reliable, independent, and verifiable**. For crypto founders this is structurally harder than for traditional wealth, because the dominant proof — the blockchain — needs to be married to off\-chain identity. A wallet address is not a person.

The result is a **systemic asymmetry**: a property developer with a single mortgage redemption statement passes SOW in ten minutes; a founder with **€8M** in self\-custodied BTC accumulated over a decade is treated as **highest risk by default**. The dossier exists to flip that default.

In our experience assembling files for crypto founders, well over **70%** of bank rejections that get written up internally as *"appetite mismatch"* are really SOF/SOW failures the bank could not defend in committee. The good news: that is a fixable problem.

## The Five\-Layer Dossier — Overview

Picture the dossier as a stack. The bottom layer is the **Origin Event** — the moment value entered the founder's control. On top of that sits the **Chain\-of\-Custody** — every hop from origin to today's wallet. Wrapping both is **Off\-Chain Corroboration**: tax filings, KYC exports, employment records, audited accounts. On top of that, **Sanctions and Counterparty Hygiene** — analytics reports that prove no exposure to sanctioned addresses, mixers, or darknet markets. Finally, the **Narrative Cover Memo** — a founder\-written declaration that walks the reviewer through the four evidence layers in chronological order, citing each document by exhibit number.

Each layer answers a specific question the **MLRO** has to be able to answer in committee: *where did it start, where has it lived, who else says so, who has touched it, and what is the story*. Miss one and the file has a hole. Hit all five and the file becomes a defensible internal record.

> **Tip:** Build the dossier in evidence\-first order: collect documents for layers 1–4 before writing the narrative memo. Memos written before the evidence is in the room invariably contradict it.

- **Layer 1 — Origin Event**: the founding transaction. Mining, ICO, employment income, capital raise, pre\-seed token grant, OTC purchase.

- **Layer 2 — Chain\-of\-Custody**: wallet\-to\-wallet provenance, exchange flows, hardware\-wallet attestation, cold\-storage timeline.

- **Layer 3 — Off\-Chain Corroboration**: tax filings, capital\-gains declarations, exchange KYC records, invoices, audited financials.

- **Layer 4 — Sanctions & Counterparty Hygiene**: Chainalysis, Elliptic, or TRM Labs screening reports; exposure scoring; mixer and sanctioned\-entity proximity.

- **Layer 5 — Narrative Cover Memo**: 2–4 page founder declaration tying layers 1–4 into a chronological story, with each claim cited to an exhibit.

## Layer 1: The Origin Event

The **Origin Event** is the moment crypto first entered the founder's economic life. It is the anchor of the whole dossier — every later transaction is a derivative of this event, and if the origin is weak, no amount of downstream documentation will save the file.

Five canonical origin events show up repeatedly. Each has its own evidentiary signature, and the dossier should identify which one applies before any documents are gathered.

### Mining — the hardest origin to prove

For a **mining** origin, the file needs: rig purchase invoices \(with serial numbers\), electricity bills from the relevant period, pool\-payout history exported from the mining pool, and the coinbase transaction hashes that paid into the founder's first wallet. If the founder mined solo in 2010–2013, electricity bills from a decade ago are usually unavailable — substitute with **a sworn statement plus any landlord/utility correspondence** that can place the founder at the mining location during the period.

### ICO or token sale participation

For **ICO participation**, the dossier needs: the SAFT or token purchase agreement, the bank wire or BTC/ETH transfer used to fund the participation, the receiving address declared by the issuer, and ideally an issuer\-side confirmation of the allocation. Whitepaper screenshots are not evidence.

### Employment income at a crypto company

For **crypto\-denominated salary or token grants**, the dossier needs: the employment contract, vesting schedules, monthly payslips or payment records, and the corresponding tax declarations. If the employer was itself a regulated entity, an employer letter referencing the regulator's licence number adds substantial weight.

### Pre\-seed or seed capital raise

For **founder equity that converted into crypto holdings**, the dossier needs: the SAFE or SAFT documents, the cap table at issue, the wire transfers from the investors, and corporate resolutions authorising the raise. If investors were themselves regulated funds, copies of their LP agreements \(redacted\) or fund prospectus add credibility.

### OTC or exchange purchase from declared income

The simplest origin: founder used post\-tax salary or business profit to buy crypto on a **KYC'd exchange**. Evidence: payslips or audited accounts showing the source income, bank statements showing the fiat transfer to the exchange, exchange trade history, withdrawal transaction hashes. This is the cleanest origin and the one banks accept fastest.

## Layer 2: Chain\-of\-Custody

The **chain\-of\-custody** layer connects the origin event to today's holdings. The bank wants to see that the same value moved through identifiable wallets without unexplained gaps, mixer hops, or interactions with sanctioned addresses.

The minimum chain\-of\-custody artefact set is: a **wallet inventory** \(every address the founder has controlled, dated\), a **transaction graph** showing the flow from origin wallets to current holdings, **exchange\-flow exports** from every venue used, and **hardware\-wallet attestations** for any self\-custody periods.

### On\-chain attestation via analytics vendors

The most powerful chain\-of\-custody artefact is a third\-party attestation from a recognised analytics vendor. **Chainalysis Reactor**, **Elliptic Investigator**, and **TRM Forensics** all produce structured reports that banks recognise. The report should trace from origin wallet to current wallet, flag any high\-risk hops, and classify counterparties.

### The cold\-wallet gap problem

Founders who held coins in **cold storage for years** without any on\-chain activity create a documentation gap banks find uncomfortable. Resolve it with: **hardware\-wallet device attestation** \(serial number, purchase invoice, firmware version\), **a notarised statement** affirming continuous control, and a signed message from the address proving present\-day control. The combination converts *"the chain went quiet"* into a defensible silence.

> **Warning:** Never ignore mixer or privacy\-coin exposure. Address it head\-on in the narrative memo with the analytics report's classification — silence on mixer activity is the single fastest path to file rejection.

## Layer 3: Off\-Chain Corroboration

On\-chain proof shows what addresses did. Off\-chain proof shows **who the addresses belong to** and **that the value was lawfully acquired and properly taxed**. The [EBA's CDD Guidelines \(EBA/GL/2023/03\)](https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-customer-due-diligence-and-factors-credit-and-financial-institutions-should-consider)[^3] make clear that crypto exposure does not relieve a credit institution of the obligation to collect conventional documentary proof of source.

The core off\-chain corpus, in priority order:

- **Tax filings** — personal income tax returns covering every year of material crypto activity, with capital\-gains schedules.

- **Exchange KYC records** — KYC\-completion letters, account\-opening confirmations, and full trade exports from every exchange the founder has used.

- **Employment records** — employer letters, payslips, P60/W\-2 equivalents, tax withholding certificates.

- **Audited financials** — for any operating company the founder controlled, audited accounts covering the period in which crypto was distributed as compensation or dividend.

- **Contractor invoices** — for crypto received as fees, signed invoices with counterparty details and matching on\-chain payments.

- **Capital\-raise documents** — SAFE/SAFT agreements, board resolutions, subscription confirmations, escrow release letters.

The structural test for off\-chain corroboration is **cross\-referenceability**: every material on\-chain event should have at least one off\-chain document that names the same date, amount, and counterparty. Banks check for this. A timeline where the on\-chain receipts predate the off\-chain corroboration is a red flag worth a rejection.

## Layer 4: Sanctions and Counterparty Hygiene

Sanctions screening on a crypto founder is structurally different from screening on a fiat customer. Beyond name\-screening, the bank wants to see **address\-level exposure analysis** — every wallet the founder has touched, scored against sanctioned and high\-risk address lists. The [FATF's Updated Guidance for a Risk\-Based Approach to Virtual Assets](https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Updated-guidance-rba-virtual-assets.html)[^4] sets the global expectation: VASPs and their banking counterparties must conduct on\-chain analytics, not just sanctions list screening.

The three vendors banks recognise out of the box are **Chainalysis**, **Elliptic**, and **TRM Labs**. The dossier should include at least one full report. The report must cover: **sanctioned\-entity proximity**, **mixer and tumbler exposure**, **darknet market interaction**, **high\-risk jurisdiction exposure**, and an aggregate **risk score** for each address.

### What to do when the report shows non\-zero exposure

A clean report is rare. Almost every founder with multi\-year crypto activity will have **some non\-zero exposure** — a counterparty turned out to be a sanctioned exchange, an early gambling site interaction, a swap through a privacy\-preserving protocol. The dossier should address each flagged hop **explicitly** in the narrative memo: when, how much, what was known at the time, and what the founder did after.

Concealment is fatal. A bank that finds exposure the founder failed to disclose is a bank that closes the file **and reports the customer internally**. Disclosure with context is survivable; concealment is not.

## Layer 5: The Narrative Cover Memo

The cover memo is a **2–4 page founder\-written declaration** that walks the MLRO through the chronological story of how the founder came to control today's crypto holdings. It cites each of the underlying exhibits by number and ties them into a single coherent narrative.

The memo is not optional. Without it, the reviewer has to construct the story themselves from raw exhibits — and they will not. A pack of documents without a memo gets returned with *"please clarify the source of funds"* almost every time.

### Memo structure that works

- **Section 1 — Executive summary**: one paragraph stating today's holdings, the origin event, and the headline corroboration.

- **Section 2 — Origin chronology**: dated walk\-through of the origin event with exhibit cites \(Ex. A1, A2…\).

- **Section 3 — Custody timeline**: wallet inventory, custody changes, exchanges used, cold\-storage periods \(Ex. B1–B9\).

- **Section 4 — Tax and reporting position**: jurisdictions filed in, capital gains disclosed, residency moves \(Ex. C1–C6\).

- **Section 5 — Sanctions and counterparty discussion**: addresses each flagged item in the analytics report by hash \(Ex. D1\).

- **Section 6 — Declaration and signature**: dated, signed, and where the jurisdiction supports it, notarised.

Write the memo in the founder's voice but with a banker's vocabulary. Avoid hype, avoid ideology, avoid speculation. The MLRO is reading for **facts, dates, amounts, and exhibits** — give them that and nothing else.

## SOF vs SOW — The Definitional Split

Banks routinely conflate the two terms, but they are technically distinct and the dossier needs to satisfy both.


*Table: Source of Funds vs Source of Wealth — definitional and evidentiary split.*

| Dimension | Source of Funds \(SOF\) | Source of Wealth \(SOW\) |
| --- | --- | --- |
| Question answered | Where did the specific funds being deposited come from? | How did the customer accumulate their total wealth over time? |
| Time horizon | Immediate — last 1–3 transactions | Lifetime / multi\-year |
| Evidence required | Transaction\-level: exchange withdrawals, wire receipts, sale invoices | Cumulative: tax returns, audited accounts, capital\-raise docs, employment history |
| Refresh cadence | Per material deposit | Annual / on trigger event |
| Who reviews | Onboarding / transaction monitoring | MLRO / EDD committee |
| Failure mode | Mismatched amount or counterparty | Wealth claim not corroborated by tax / income history |

## Acceptable vs Insufficient Evidence by Layer

The pattern of failures is consistent across banks. The fix in every case is the same: a stronger document, properly cited.


*Table: Acceptable vs insufficient evidence by dossier layer, with remediation paths.*

| Layer | Acceptable evidence | Common gap | How to remediate |
| --- | --- | --- | --- |
| Layer 1 — Origin Event | Mining rig invoices \+ pool payouts \+ coinbase tx hashes; or SAFT \+ wire \+ issuer allocation letter | Founder asserts mining but cannot produce rig invoices or electricity bills | Notarised statement \+ landlord/utility correspondence placing founder at site |
| Layer 2 — Chain\-of\-Custody | Wallet inventory \+ analytics report tracing origin to current address | Multi\-year cold\-storage gap with no on\-chain activity | Hardware\-wallet attestation \+ signed message \+ notarised continuous\-control statement |
| Layer 3 — Off\-Chain Corroboration | Filed tax returns with capital\-gains schedule; KYC'd exchange records | Material crypto activity not declared in any tax filing | Voluntary disclosure to revenue authority before file goes to the bank |
| Layer 4 — Sanctions & Hygiene | Chainalysis / Elliptic / TRM report with addressed exposure | Mixer hop present, not addressed | Memo paragraph explaining date, amount, regulatory environment at the time, and post\-event behaviour |
| Layer 5 — Narrative Memo | 2–4 page chronological narrative with exhibit cites | No memo; just a folder of PDFs | Founder\-written memo, ideally reviewed by counsel before submission |

## The Five Failure Modes

Across hundreds of files, the same five failure modes account for the overwhelming majority of SOF/SOW rejections. Knowing them in advance is the cheapest form of compliance.

### 1. Over\-redaction

Founders redact **counterparty names, wallet addresses, or amounts** for confidentiality. The bank reads redactions as concealment. Leave redactions for genuinely irrelevant fields \(other parties' personal data\) and explain every redaction in the memo.

### 2. Mismatched timelines

On\-chain activity that predates the off\-chain documentation creates the appearance of **retro\-fitted justification**. Every claim in the memo should match the dated documents in the exhibits.

### 3. Mixer exposure not addressed

Any analytics report disclosing mixer activity that the memo fails to discuss is **a dead file**. Address it head\-on with date, amount, and rationale.

### 4. No chain\-of\-custody for cold\-wallet periods

Years of on\-chain silence read as a **chain\-of\-custody break** unless explicitly resolved with device attestations and signed messages.

### 5. Narrative contradicts on\-chain data

A memo that says *"funds were held in cold storage from 2018–2022"* while the chain shows three exchange withdrawals in that window is a **credibility\-destroying contradiction**. Write the memo against the chain, not against memory.
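The cross\-referenceability test from Layer 3 and failure modes 2 and 5 can be run as a pre\-submission check over the exhibit index. The sketch below is an added example, not Finconduit's tooling; the record layouts, function names and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class ChainEvent:   # one material on-chain event from the wallet inventory
    txid: str
    wallet: str
    when: date
    amount: Decimal
    counterparty: str


@dataclass(frozen=True)
class Exhibit:      # one off-chain document as listed in the exhibit index
    ref: str
    when: date
    amount: Decimal
    counterparty: str


@dataclass(frozen=True)
class ColdClaim:    # a memo statement that a wallet was untouched in a period
    wallet: str
    start: date
    end: date


FIELDS = ("when", "amount", "counterparty")


def _key(record, field):
    """Compare names case-insensitively; dates and Decimals compare as-is."""
    value = getattr(record, field)
    return value.strip().casefold() if isinstance(value, str) else value


def cross_reference(events, exhibits):
    """Map txid -> (exhibit ref or None, list of fields that disagree).

    An event is corroborated only when a single exhibit names the same
    date, amount and counterparty. An exhibit that misses on exactly one
    field is reported as a near miss; anything weaker counts as no match.
    """
    result = {}
    for ev in events:
        best_ref, best_diff = None, list(FIELDS)
        for ex in exhibits:
            diff = [f for f in FIELDS if _key(ev, f) != _key(ex, f)]
            if len(diff) <= 1 and len(diff) < len(best_diff):
                best_ref, best_diff = ex.ref, diff
        result[ev.txid] = (best_ref, best_diff)
    return result


def cold_storage_contradictions(events, claims):
    """Return txids that fall inside a period the memo describes as dormant."""
    return [ev.txid for c in claims for ev in events
            if ev.wallet == c.wallet and c.start <= ev.when <= c.end]


# Constructed sample data: ids, wallets and counterparties are placeholders.
EVENTS = [
    ChainEvent("tx-0001", "wallet-A", date(2017, 3, 14), Decimal("12.5"), "Exchange One"),
    ChainEvent("tx-0002", "wallet-A", date(2019, 6, 2), Decimal("3.0"), "Exchange One"),
    ChainEvent("tx-0003", "wallet-B", date(2021, 11, 20), Decimal("40000"), "Client Ltd"),
]
EXHIBITS = [
    Exhibit("C1", date(2017, 3, 14), Decimal("12.50"), "exchange one"),
    Exhibit("C2", date(2021, 12, 5), Decimal("40000"), "Client Ltd"),
]
CLAIMS = [ColdClaim("wallet-A", date(2018, 1, 1), date(2022, 12, 31))]

if __name__ == "__main__":
    for txid, (ref, diff) in cross_reference(EVENTS, EXHIBITS).items():
        if not diff:
            print(f"{txid}: corroborated by Ex. {ref}")
        elif ref:
            print(f"{txid}: Ex. {ref} disagrees on {', '.join(diff)}")
        else:
            print(f"{txid}: no corroborating exhibit (known gap)")
    for txid in cold_storage_contradictions(EVENTS, CLAIMS):
        print(f"{txid}: activity inside a period the memo calls cold storage")
```

Each finding maps to a fix the guide already names: a near miss means correcting the memo or exhibit so the dates agree, an unmatched event is logged as a known gap, and a dormant\-period hit means rewriting the custody timeline against the chain.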

## The 10\-Working\-Day Assembly Sprint

A complete five\-layer dossier can be assembled in **10 working days** if the founder is responsive and the underlying records exist. The sprint structure below maps to the [JMLSG Guidance Parts I & II](https://www.jmlsg.org.uk/guidance/current-guidance/)[^5] standards that UK banks apply by default.

### Days 1–2: Scoping interview

Identify the origin event, every jurisdiction of tax residency, every wallet ever controlled, every exchange ever used. Output: a one\-page chronology.

### Days 3–5: Document gathering

Pull tax returns, exchange KYC packs, contracts, invoices, board minutes, audited accounts. Anything missing is logged as a **known gap** to be addressed by sworn statement.

### Days 4–6: On\-chain analytics

Commission a Chainalysis, Elliptic, or TRM report covering every founder\-controlled address. Review for sanctioned and mixer exposure before the bank sees it.

### Days 7–8: Exhibit indexing

Number every document \(A1, A2, B1…\), build an exhibit index, redact only third\-party PII, and Bates\-stamp the pack.

### Days 9–10: Narrative memo \+ counsel review

Draft the cover memo, cite every claim to an exhibit, run it past counsel, sign and notarise where required. The pack is now banker\-ready.

> **Note:** Banks rarely tell founders that the file failed on SOF/SOW. The rejection letter says "appetite" or "strategic fit." Read every rejection as a SOF/SOW failure first and only then explore other hypotheses.

## How the EU Framework Drives the Standard

The [6AMLD \(Directive \(EU\) 2018/1673\)](https://eur-lex.europa.eu/eli/dir/2018/1673/oj)[^6] expanded predicate offences for money laundering to 22 categories — including **tax crimes** — and introduced criminal liability for legal persons. For a bank, this means accepting a deposit whose origin includes an undeclared crypto disposal is not merely a regulatory failure — it is potentially a predicate offence the bank's officers can be charged for.

That criminal\-liability overhang is why **tax filings** have become the single most demanded document in modern SOF/SOW packs. Banks no longer treat undeclared crypto as *the customer's problem* — they treat it as *their problem*. If the dossier cannot show that material gains were declared, the file does not progress.

## FAQ

### What counts as proof of source of funds for crypto?

Acceptable proof combines on\-chain evidence with off\-chain documents. The on\-chain side is wallet history, exchange withdrawals, and an analytics report tracing the funds back to a verified origin. The off\-chain side is tax filings, exchange KYC records, employer letters, capital\-raise documents, or audited accounts that name the same dates and amounts as the on\-chain record. A bank wants both — neither alone is enough.

### Do banks accept on\-chain proof for source of wealth?

On\-chain proof is necessary but not sufficient for SOW. SOW asks how the customer accumulated their total wealth over time, and the answer must be grounded in conventional evidence — tax returns, employment income, capital raises, business profits — corroborated by the chain rather than replaced by it. A wallet inventory alone is treated as identity proof, not wealth proof.

### How far back must source of funds evidence go?

For source of funds, evidence usually needs to cover the last 1–3 material transactions feeding the deposit. For source of wealth, the dossier must trace back to the origin event — which for a long\-term holder can mean 10\+ years of intermittent documentation. Banks accept dated gaps if they are explained and bridged by sworn statements or device attestations.

### Can I use a Chainalysis report as source\-of\-funds evidence?

A Chainalysis, Elliptic, or TRM Labs report is a near\-mandatory component of Layer 4 \(Sanctions & Counterparty Hygiene\) and a strong supporting artefact for Layer 2 \(Chain\-of\-Custody\). It is not a substitute for the origin event proof or the off\-chain corroboration layer. Banks read it as third\-party attestation that the addresses are clean — not as evidence that the customer earned them lawfully.

### Does the bank keep the dossier on file forever?

Yes. Under EU and UK AML rules, banks retain CDD records — including SOF/SOW dossiers — for a minimum of five years after the end of the customer relationship, and longer if the file is referenced in a SAR. Founders should keep their own copies indefinitely, since the same dossier will be requested by every subsequent bank, custodian, and prime broker.

## Related Guides

- [Bank Diligence File for Regulated Crypto Firms](/resources/bank-diligence-file-crypto-firm): the corporate\-entity counterpart to the founder dossier — what banks demand at the legal\-entity level.

- [What Banks Actually Evaluate When Onboarding a CASP](/resources/what-banks-evaluate-casp): the full bank decision matrix beyond SOF/SOW, with weighting and red\-flag thresholds.

- [AML Audit for a Regulated Crypto Firm](/resources/aml-audit-crypto-firm): annual audit scope, sample sizes, and the SOF/SOW\-specific tests auditors run.

- [The 2026 Substance Bar](/resources/substance-bar-2026): how operational substance interacts with SOF/SOW credibility at the corporate level.

The five\-layer dossier is not a compliance hurdle to clear once. It is the **permanent record** that every future banking, custody, and prime\-brokerage relationship will be built on. Founders who build it once — properly, with exhibit indexing and counsel review — find that subsequent onboardings shrink from months to weeks. Founders who patch together fresh evidence at every application stay in the perpetual onboarding loop. Build the dossier early, maintain it as transactions accumulate, and the bank's answer changes from *"appetite mismatch"* to *"welcome to the bank."*

## Footnotes

[^1]: Regulation \(EU\) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing \(AMLR\), OJ L, 19.6.2024. <https://eur-lex.europa.eu/eli/reg/2024/1624/oj>
[^2]: FCA Financial Crime Guide \(FCG\), Chapter 3 — Customer Due Diligence, including guidance on Source of Funds and Source of Wealth checks. <https://www.handbook.fca.org.uk/handbook/FCG/3/>
[^3]: EBA Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions \(EBA/GL/2023/03\). <https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-customer-due-diligence-and-factors-credit-and-financial-institutions-should-consider>
[^4]: FATF, Updated Guidance for a Risk\-Based Approach to Virtual Assets and Virtual Asset Service Providers \(October 2021\). <https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Updated-guidance-rba-virtual-assets.html>
[^5]: JMLSG \(Joint Money Laundering Steering Group\), Guidance Parts I & II — current edition, including chapters on source of funds and source of wealth corroboration. <https://www.jmlsg.org.uk/guidance/current-guidance/>
[^6]: Directive \(EU\) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law \(6AMLD\), OJ L 284, 12.11.2018. <https://eur-lex.europa.eu/eli/dir/2018/1673/oj>


