Beyond “No”: How CRB Monitor Enables Risk-Based Decisions

We sat down with Paul Chaveriat, a global business leader with over 20 years of experience, to discuss practical insights into onboarding, counterparty risk, continuous monitoring, and why making risk visible, measurable, and manageable is now the defining challenge for compliance teams operating in emerging industries.

As financial institutions increasingly engage with cannabis, digital assets, and VASPs, many still struggle with limited data, unclear definitions, and legacy compliance frameworks that were never designed for rapidly evolving, highly regulated sectors. The result is often a default “no”, driven more by uncertainty than by actual risk.

Paul’s career has been rooted in financial and market data and corporate intelligence, including senior leadership roles at SNL Financial, which was later acquired by S&P Global. With a deep background in sector-focused data businesses, he specialises in helping banks navigate complex regulatory environments by delivering transparency, regulatory context, and reliable, source-documented intelligence.

In this conversation, Paul shares why assumptions around cannabis and crypto persist in 2026, how institutions are shifting from blanket restrictions to risk-based decision-making, and how trusted data enables banks to confidently identify compliant, well-regulated businesses and say “yes” when others hesitate.

Q: When the words “cannabis” or “crypto” are seen, assumptions are often made. 

How often do you find yourself having to break down your work into layman’s terms, and why do you think that is still necessary in 2026?

Paul: We must do it constantly, both externally with clients and partners, and internally, just to operate effectively. Even today, simply having the words cannabis or crypto in our company description can trigger automatic restrictions from banks or payment providers. When people don’t understand something, their first reaction is to restrict it. 

That remains true in 2026 because these industries have evolved more rapidly than traditional information and compliance frameworks. Many institutions lacked reliable data or definitions to rely on. 

Breaking things down into plain language is often the only way to move the conversation from a blanket “no” to a more nuanced, risk-based discussion.

Q: Why focus on the cannabis and digital assets industries specifically?
What gaps in data, compliance, or transparency did you see that other services weren’t addressing?

Paul: We focus on industries that are moving along a regulatory curve, from unregulated or even illegal, toward formal regulation and institutional participation. Cannabis and digital assets both fit that profile perfectly.

When we started, large incumbent data providers weren’t paying attention to these sectors at all. There were no clear definitions, no consistent frameworks, and very little transparency around who was actually regulated, licensed, or operating legally. That created massive friction for banks and investors who needed to make compliance and risk decisions without reliable information.

These industries are complex and require deep, sector-specific expertise, not generic coverage. That’s where we saw a clear opportunity to bring structure, transparency, and regulatory context into areas where it simply didn’t exist before.

Q: We’ve known VASPnet for years. What led you to that acquisition?

Paul: We had already been expanding our digital asset capabilities organically and testing early products with large global investment banks. At the same time, we had been watching VASPnet grow for several years and respected their deep subject-matter expertise.

The timing worked well. They were seeking a long-term home within a data company, rather than a consulting model, and we were building toward the same market. Whether we acquired them or not, we would have ended up competing. Bringing their expertise, clients, and team into CRB Monitor was simply the better outcome for both sides.

Q: What are the most significant recent trends you’ve seen in these sectors, and how is CRB Monitor adapting its data and analysis in response?

Paul: The most significant trend is the shift among traditional financial institutions from a blanket “no crypto” stance to a more nuanced, risk-based approach. Institutions are no longer asking if they should engage with digital assets, but how and under what conditions.

Rather than treating crypto as a monolithic risk, banks are developing differentiated policies based on jurisdiction, licensing, regulatory standing, and business model. 

Our data and analysis have evolved to support this shift by enabling institutions to move beyond binary decisions and build informed, defensible policies that reflect real regulatory and operational differences across the ecosystem, rather than relying on one-time diligence.

Q: Who are your primary clients, and what kinds of decisions do they rely on CRB Monitor data for?

Paul: Our primary clients are large, regulated financial institutions, particularly global investment banks in the US and Europe. They represent the majority of our revenue and play a key role in establishing best practices across the industry.

They rely on our data for high-stakes decisions related to onboarding, counterparty risk, regulatory exposure, policy development, and ongoing monitoring. 

We also work directly with VASPs and crypto-native firms, and we’re increasingly seeing convergence as banks move into crypto and crypto firms obtain banking licenses.

Q: How does a typical client use CRB Monitor for onboarding, risk checks, and continuous compliance?

Paul: It usually starts with identifying unknown exposure. Before diligence, we encourage clients to step back and consider where they may already be involved in these industries,  through payments, wires, investments, funds, ETFs, or as counterparties.

From there, clients apply their own risk appetite and policies. We remain agnostic on risk tolerance and provide the data needed to support those decisions. Finally, for entities they choose to engage with, we enable ongoing monitoring of licensing status, regulatory standing, and jurisdictional changes, ensuring there are no surprises later.

Q: Given the controversial and sensitive nature of cannabis and digital assets, what steps does CRB Monitor take to handle sensitive industry data ethically and securely?

Paul: Ethical data handling is foundational to what we do. All information in our platform is source-documented, with the vast majority coming directly from regulators, governments, or other authoritative public sources. 

This ensures transparency, traceability, and accountability, especially since our data is used to make significant compliance and risk decisions.

We’re also very deliberate about who we work with. Our clients are overwhelmingly regulated entities themselves. The goal isn’t to expose bad actors, it’s to clearly identify good ones and give institutions confidence in making “yes” decisions that they can stand behind.

“The goal isn’t to expose bad actors; it’s to clearly identify good ones.”

Q: Do you believe that more robust corporate-intelligence databases can improve the legitimacy, transparency, and public perception of the cannabis industry? If so, how?

Paul: Absolutely, and we’ve already seen it happen. Ten years ago, the headline was that cannabis companies couldn’t get bank accounts. Today, hundreds of banks openly serve regulated cannabis businesses.

We’ve seen this play out in real time. Over the past decade, as transparency improved and better data tools emerged, cannabis moved from being largely unbankable to an industry now served by hundreds of U.S. financial institutions. 

Data doesn’t just improve compliance; it reshapes perception by proving that regulated cannabis businesses can be assessed, monitored, and trusted like any other regulated sector.

Q: For financial institutions or investors considering CRB Monitor, what best practices would you recommend to maximise value from the data while staying compliant and minimising risk?

Paul: The most effective approach is to start with the fundamentals before moving to more complex tools. First, institutions should focus on gaining a complete understanding of their exposure, identifying all touchpoints with cannabis, digital asset, or VASP-related activity. Knowing who you’re engaging with and where they operate is the highest-ROI starting point.

Second, institutions should apply familiar risk frameworks rather than inventing new ones. Assess legal status, regulatory oversight, jurisdictional risk, and alignment with FATF standards, the same principles banks already use for other higher-risk sectors like money services or FX. 

Finally, treat compliance as an ongoing process, not a static one. These sectors change quickly. Continuous monitoring is just as important as onboarding, especially when licensing regimes and regulatory standards are still evolving.

In short, the goal isn’t to eliminate risk entirely, but to make it visible, measurable, and manageable using trusted data and well-established controls.

About CRB Monitor

CRB Monitor offers the most comprehensive corporate intelligence database platform for digital assets, VASPs, and the cannabis industry, enabling financial institutions and capital providers to move beyond assumptions and make informed, risk-based decisions.

Built for emerging, highly regulated sectors, our platform delivers trusted, regulator-sourced data, clear regulatory context, and ongoing monitoring, helping institutions understand exposure, assess counterparties, and manage risk and opportunity with confidence.

Find out more about CRB.