Skip to main content
Nexio assigns a quantitative internal credit score to each borrower vault, designed to measure counterparty strength, operational robustness, governance maturity, regulatory compliance, and recovery prospects. This framework adapts established methodologies from Moody’s, S&P Global, Fitch Ratings, IOSCO, FATF, and Basel credit-risk literature. The resulting score (0 to 5) feeds directly into the probability of default (PD) and loss-given-default (LGD) mapping used in pricing. The methodology is structured into five blocks:
  1. Business & Financial Strength
  2. Market / Conduct & Governance
  3. Compliance, AML & On-Chain Risk
  4. Custody, Reserves & Recovery
  5. Venue, Operational & Jurisdictional Quality
Each block contains subfactors scored from 1 (weak/high risk) to 5 (strong/low risk) using observable evidence, public disclosures, custodial attestations, regulatory registrations, and blockchain analytics. The weighting scheme assigns higher influence to systemic, balance-sheet, and custodial risk dimensions.

1. Business & Financial Strength

This block evaluates the borrower’s economic stability, durability of cash flows, and financial resilience. Subfactors mirror the analytical dimensions used in S&P’s Corporate Methodology and Fitch’s Corporate Rating Criteria.
  • Revenue Diversification: Assesses concentration risk across revenue lines, geographies, and client segments. A low Herfindahl–Hirschman Index (HHI) indicates robust diversification.
  • Fee/Volume Sensitivity: Evaluates dependence on trading volumes or volatile revenue lines. Stress testing 30–50% volume declines identifies cyclicality.
  • Leverage (Net Debt/EBITDA): Lower leverage and larger equity cushions score higher. Values are benchmarked to sector medians per rating-agency methodologies.
  • Interest Coverage: Measures EBIT/Interest ratio and its resilience across cycles. Higher, more stable coverage corresponds to stronger credit profiles.
  • Liquidity Runway (Months): Calculated as (Cash + Undrawn Lines) / Monthly Burn, stressed under 6–12 month downside scenarios.
  • Cash Flow Stability: Penalizes volatility in operating or free cash flow using rolling standard deviations. Recurring or non-trading income supports stronger scoring.

2. Market, Conduct & Governance

This block evaluates organizational integrity and governance structures, drawing from IOSCO conduct guidelines, S&P Management & Governance criteria, and SR 11-7-style risk governance expectations.
  • Client Asset Segregation: Assesses strictness of segregation, absence of rehypothecation, daily reconciliations, and legal bankruptcy-remoteness.
  • Conflicts Management: Reviews separation of listings, market-making, and proprietary trading functions, alongside transparent disclosure procedures.
  • Market Integrity Controls: Includes surveillance, wash-trade detection, suspicious-activity algorithms, listing due diligence, and recordkeeping.
  • Board Independence & Experience: Considers independent director share, committee structure, and relevant market, risk, or regulatory experience.
  • Risk Governance Framework: Evaluates presence of 3 Lines of Defense (3LoD), risk appetite statements, stress testing, escalation channels, and model risk governance consistent with SR 11-7.
  • Incident Disclosure Timeliness: Assesses promptness and completeness of public postmortems, T+1 incident updates, and transparency standards aligned with MiCA/ESMA templates.

3. Compliance, AML & On-Chain Risk

This block incorporates FATF guidance for VASPs, blockchain-analytics risk scoring, sanctions exposure, and compliance capabilities.
  • Travel Rule & KYC Coverage: Assesses sender/receiver information handling, VASP coverage, threshold implementation, data quality, and retention policies.
  • Sanctions Exposure: Based on FATF Recommendation 6: effectiveness of screening tools, hit-rate management, and escalation frameworks.
  • On-Chain Exposure Risk: Measures the share of counterparties or flows interacting with high-risk clusters using blockchain analytics (e.g., Moody’s–Elliptic datasets).
  • SAR/STR Process Maturity: Evaluates timeliness and structure of suspicious-activity reporting, QA cycles, narratives, and regulatory feedback loops.
  • Compliance Resourcing & QA: Includes staffing ratios, mandatory training, and independent QA findings.

4. Custody, Reserves & Recovery

This block focuses on asset protection, auditability, recovery prospects, and legal enforceability. It aligns with ISAE 3000, SOC 2, ISO 27001, and Basel’s CRM (credit risk mitigation) principles.
  • Custody Architecture (Hot/Cold/MPC/HSM): Considers robustness of key management, cold storage, quorum-based signing (MPC), HSM usage, rotation policies, and independent audits.
  • Segregated Wallets Proof: Assesses per-client wallet structure, on-chain verifiable segregation, and supporting legal opinions.
  • Reserves Attestations (Scope/Frequency): Higher scores require ISAE 3000-level attestations covering assets and liabilities, with monthly or quarterly cadence.
  • Key Management Controls: Dual control, key rotation, recovery testing, external penetration testing, and SOC 2/ISO evidence.
  • Legal Enforceability & Lien Priority: Evaluates seniority and enforceability of lender claims in relevant jurisdictions, referencing Basel CRM collateral frameworks.

5. Venue, Operational & Jurisdictional Quality

This block captures infrastructure reliability, legal regime quality, and regulatory authorizations.
  • Exchange/Venue Quality: Uses independent benchmarks such as CCData’s Exchange Benchmark to assess operational, transparency, and market-quality indicators.
  • Uptime & Operational Resilience: Considers SLAs, uptime logs, RTO/RPO standards, MTTR, and incident history.
  • Jurisdiction & Regime Quality: Scores strength of the regulatory regime (MiCA, NYDFS, MAS, FCA) and the degree of oversight.
  • Licensing/Authorization Status: Reviews registrations with FinCEN, MAS, NFA, NYDFS, ESMA, or equivalent authorities.

Score Aggregation and Mapping to PD

The weighted score across all subfactors produces a composite score between 0 and 5. Nexio maps this value to a one-year Probability of Default (PD) using a logistic function calibrated to Moody’s historical default curve and anchored on Coinbase’s public rating (Ba2). This preserves monotonicity and reflects the non-linear rise in default frequencies across rating categories. The resulting PDs, combined with LGD assumptions (40–60%), feed directly into the risk premium calculation.