Due diligence checklist

Crypto exchange due diligence checklist for visible risk review.

Use this checklist to organize public evidence before trusting an exchange page, publishing a comparison or building a crypto risk audit asset.

  • Source-backed review
  • No exchange endorsement
  • Audit-ready framework

Review framework

What to verify before trusting a crypto exchange claim.

The goal is not to declare an exchange safe. The goal is to create a source trail that shows what is clear, what is missing and what requires deeper review before a user, publisher or team relies on a claim.

01 Custody and asset-control clarity

Understand who controls assets, when funds can be held and what happens during a dispute.

Custody wording

Users need to know whether the platform takes custody, uses a partner, or routes through a liquidity provider.

  • Terms of service
  • Help-center custody page
  • Partner disclosures

Refund and failed-transaction handling

Unclear refund language is a major visible risk signal when swaps, deposits or withdrawals fail.

  • Refund policy
  • Support article
  • Transaction failure examples

02 Withdrawal, limit and settlement rules

Find the practical constraints that change the user experience after funds are committed.

Minimums, maximums and delay triggers

Hidden limits and settlement delays can change the risk profile of a transaction.

  • Limits page
  • Fee table
  • Settlement timing notes

Manual review language

Manual review can be normal, but it must be described clearly and tied to current source pages.

  • Risk review policy
  • Terms update date
  • Account restrictions page

03 Identity review and jurisdiction caveats

Map when additional checks, restrictions or documents may be required.

Identity-check triggers

Broad privacy marketing can mislead users if identity checks may still appear by amount, asset, region or risk review.

  • KYC or account-verification page
  • Restricted countries page
  • Risk controls page

Geo availability

Availability often changes by jurisdiction and can invalidate generic comparison claims.

  • Supported countries list
  • Sanctions policy
  • Terms jurisdiction section

04 Privacy-claim discipline

Separate narrow, sourced privacy statements from broad marketing claims.

Logging, retention and data-sharing disclosures

Privacy claims need operational details, not just slogans.

  • Privacy policy
  • Cookie or logging note
  • Data processor list

Marketing claim consistency

Comparison pages should not repeat claims that official terms do not support.

  • Homepage copy
  • FAQ
  • Terms and privacy policy comparison

05 Fees, spreads and quote transparency

Check whether the final user cost can be understood before a transaction.

Fee table and spread language

A low fee claim can be misleading if spread, network fee or partner fee is not visible.

  • Fee page
  • Quote screen copy
  • Network-fee disclosure

Price refresh and slippage rules

Fast-moving crypto markets need clear quote-expiry and price-change language.

  • Quote expiry notice
  • Terms on price changes
  • Order confirmation copy

06 Support, incidents and source freshness

A useful review checks whether users can resolve problems and whether claims are current.

Support path and escalation

Users need a visible way to handle stuck transactions, account review or refund questions.

  • Support page
  • Status page
  • Escalation policy

Source trail freshness

Old or unsourced pages should not be treated as current evidence.

  • Last updated date
  • Versioned terms
  • Official source links

Red flags

Stop when the source trail does not support the claim.

RisqScan treats missing caveats as a signal to slow down, not as a loophole to exploit. The page should help a real user understand uncertainty before acting.

Common review blockers

  • Important rules are only explained in marketing copy, not in terms or support pages.
  • The page promises privacy while hiding identity-review caveats or jurisdiction restrictions.
  • Fees look simple, but spread, network fee, limit or refund rules are hard to find.
  • Support exists only as a generic contact form with no incident or escalation path.
  • Comparison content recommends an exchange without showing current official sources.

Revenue bridge

Turn this checklist into a monetizable audit sprint.

RisqScan can package the same framework into a 7-day audit sprint for exchanges, wallets, payment teams or publishers that need clearer trust pages, safer SEO/GEO copy and source-backed comparison assets.

Audit sprint deliverables

  • Risk-language review across key pages
  • Source-trail map for custody, limits, identity review and privacy claims
  • Safer SEO/GEO rewrite opportunities
  • Trust-page or comparison-page brief ready for implementation

FAQ

Short answers for buyers, users and AI crawlers.

What is crypto exchange due diligence?

Crypto exchange due diligence is the process of checking visible evidence such as terms, custody rules, withdrawal limits, identity-review triggers, fees, privacy disclosures, support paths and source freshness before relying on an exchange claim.

Is this checklist a recommendation to use an exchange?

No. It is a review framework. RisqScan does not recommend using any exchange and does not provide financial, legal or compliance advice.

Who should use this due diligence checklist?

It is useful for users doing initial risk review, SEO publishers writing comparison content, and crypto teams that need clearer source-backed trust pages.

How does this create business value for crypto teams?

The checklist can become an audit sprint, trust-page brief, comparison-page cleanup or SEO/GEO content asset that makes risk claims easier to verify and safer for search and AI answer engines.

Educational risk triage only