Audit Trail
The Audit Trail provides a tamper-evident, chronological log of all compliance-relevant actions taken on the BlockchainAnalysis.io platform. It is designed to satisfy regulatory requirements for record-keeping and to support internal and external audits.
All audit trail entries are immutable once created. They cannot be edited or deleted by any user, including administrators.
Captured Events
The audit trail captures every action that has compliance or operational significance:
Screening Events
- Wallet screening initiated (standard and comprehensive)
- Screening results viewed
- Report downloaded (PDF or CSV)
- Report shared via secure link
Transaction Monitoring Events
- Address added to or removed from monitoring
- Monitoring rule created, modified, or deleted
- Alert generated
- Alert status changed (New, In Review, Escalated, Resolved)
- Alert reviewed with compliance officer notes
Sanctions Events
- Sanctions match detected
- Sanctions match manually reviewed and classified (true/false positive)
Investigation Events
- Fund origin investigation requested
- Investigation report delivered
- Investigation reviewed
Account and Access Events
- User login and logout
- API key created, rotated, or revoked
- User added, removed, or role changed
- Organization settings modified
- Two-factor authentication enabled or disabled
Integration Events
- Fireblocks co-signer decision (approve, reject, review)
- Webhook configured or updated
- API call made (endpoint, parameters, response code)
Audit Trail Entry Structure
Each entry contains the following fields:
| Field | Description |
|---|---|
| Timestamp | UTC timestamp of the event, precise to the millisecond. |
| Event Type | Categorized event type (e.g., screening.initiated, alert.resolved). |
| Actor | The user or API key that triggered the event. |
| IP Address | The IP address of the actor at the time of the event. |
| Resource | The object affected (e.g., address, report ID, alert ID). |
| Details | Structured metadata specific to the event type. |
| Integrity Hash | SHA-256 hash chaining this entry to the previous one. |
Accessing the Audit Trail
Dashboard
Navigate to Audit > Audit Trail in the web dashboard. Use filters to narrow by:
- Date range
- Event type
- Actor (user or API key)
- Resource (address or report ID)
API
Query the audit trail programmatically:
GET /v1/audit/trail?event_type=screening.initiated&from=2026-01-01&to=2026-03-08&limit=100
Export
Export the audit trail as CSV or JSON for integration with external SIEM or GRC systems. Exports are available for any filtered view in the dashboard.
Audit trail exports for large date ranges may take several minutes to generate. You will receive an email notification when the export is ready for download.
Retention
| Plan | Retention Period |
|---|---|
| Starter | 1 year |
| Professional | 3 years |
| Enterprise | 7 years (configurable up to 10 years) |
Retention periods comply with AML record-keeping requirements under 5AMLD/6AMLD (5 years), Swiss AMLA (10 years), and FATF Recommendations.
Integrity Verification
Each audit trail entry includes a SHA-256 integrity hash that chains it to the previous entry, forming a hash chain. This ensures that:
- No entries can be inserted retroactively
- No entries can be modified after creation
- Any tampering is immediately detectable
You can verify the integrity of your audit trail at any time via Audit > Audit Trail > Verify Integrity in the dashboard.
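To check an exported copy independently of the dashboard, the following added example (not BlockchainAnalysis.io code) rebuilds and verifies a SHA-256 hash chain over JSON entries. The page does not document the exact hash input, so the JSON field names, the canonical-JSON serialization, the all-zero genesis value, and the `trusted_head` parameter are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry


def entry_hash(entry, prev_hash):
    """SHA-256 over the previous hash plus the entry's canonical JSON (assumed scheme)."""
    body = {k: v for k, v in entry.items() if k != "integrity_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def build_chain(events):
    """Attach integrity hashes to the constructed sample events."""
    prev, chain = GENESIS, []
    for event in events:
        entry = dict(event)
        prev = entry["integrity_hash"] = entry_hash(entry, prev)
        chain.append(entry)
    return chain


def verify_chain(entries, trusted_head=None):
    """Return findings; an empty list means every link recomputes correctly."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(entries):
        stored = entry.get("integrity_hash", "")
        if stored != entry_hash(entry, prev):
            findings.append(f"entry {i}: hash mismatch")
        prev = stored  # continue from the stored value to localize the break
    # A truncated tail only shows up against a head hash kept outside the log.
    if trusted_head is not None and prev != trusted_head:
        findings.append("head hash differs from trusted copy")
    return findings


# Constructed sample events; not real platform output.
SAMPLE_EVENTS = [
    {"timestamp": "2026-03-01T09:15:02.114Z", "event_type": "screening.initiated",
     "actor": "analyst@example.com", "ip_address": "203.0.113.10",
     "resource": "report-0001", "details": {"mode": "standard"}},
    {"timestamp": "2026-03-01T09:20:41.530Z", "event_type": "alert.resolved",
     "actor": "officer@example.com", "ip_address": "203.0.113.11",
     "resource": "alert-0042", "details": {"note": "false positive"}},
    {"timestamp": "2026-03-01T09:31:07.008Z", "event_type": "screening.initiated",
     "actor": "api-key-01", "ip_address": "203.0.113.12",
     "resource": "report-0002", "details": {"mode": "comprehensive"}},
]

if __name__ == "__main__":
    print(verify_chain(build_chain(SAMPLE_EVENTS)))
```

A modified or removed entry breaks the link at that position, while an export cut short at the end still verifies link by link, which is why the last hash should also be recorded in a separate system such as the SIEM.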