Anti-Money Laundering (AML)

Customer Due Diligence (CDD) is the foundational process of identifying and verifying a customer's identity and assessing their risk profile. It involves collecting and analyzing information to understand the nature of the customer's activities and the source of their funds.

• Core Elements: Identity verification, beneficial ownership identification, and understanding the purpose of the business relationship.
• Enhanced Due Diligence (EDD): Applied to higher-risk customers (e.g., Politically Exposed Persons, high-net-worth individuals from high-risk jurisdictions) and involves deeper investigation and ongoing monitoring.
• Example: A crypto exchange verifying a user's government ID, proof of address, and conducting a liveness check before allowing high-value transactions.

Transaction Monitoring is the automated, rules-based surveillance of customer transactions to identify patterns indicative of money laundering, terrorist financing, or other financial crimes.

• How it Works: Systems screen transactions against predefined behavioral rules and risk scenarios (e.g., rapid structuring of deposits just below reporting thresholds, unexplained high-value transfers to high-risk jurisdictions).
• Key Output: Generates alerts for suspicious activity that require manual investigation by AML analysts.
• Blockchain Context: On-chain analytics tools monitor wallet addresses for links to known illicit actors (sanctions lists, darknet markets) and analyze transaction graph patterns.

Suspicious Activity Reporting (SAR) is the mandatory filing of a report to a national Financial Intelligence Unit (FIU), such as FinCEN in the US, when a financial institution detects activity that has no apparent lawful purpose or is inconsistent with the customer's known profile.

• Legal Obligation: The cornerstone of the "gatekeeper" role of financial institutions. Filing a SAR provides a safe harbor from liability for breaching customer confidentiality.
• Contents: Includes details of the suspicious activity, the subjects involved, the transactions, and the reason for suspicion.
• Threshold: Based on suspicion, not a minimum dollar amount. Institutions cannot tip off the customer that a SAR has been filed.

A Risk Assessment is a formal, documented analysis that identifies, assesses, and understands the money laundering and terrorist financing risks to which a business is exposed. It is the blueprint that dictates the scope and intensity of all other AML controls.

• Three Pillars:
  • Customer Risk: Geography, product usage, transaction behavior.
  • Product/Service Risk: Anonymity, liquidity, cross-border features.
  • Geographic Risk: Jurisdictions with weak AML laws or high levels of corruption.
• Outcome: A risk-based approach (RBA) where resources are allocated proportionally to the highest identified risks.

Recordkeeping refers to the regulatory requirement to maintain comprehensive records of customer identification data, account files, and business correspondence for a minimum period (typically 5 years after account closure).

• Purpose: To enable the reconstruction of individual transactions and provide an audit trail for law enforcement and regulators.
• Critical Data: Customer identification records, account applications, transaction ledgers, and all documents related to SAR filings.
• Blockchain Nuance: While the blockchain is an immutable ledger, regulated Virtual Asset Service Providers (VASPs) must maintain records linking blockchain addresses to verified customer identities (the "Travel Rule").

These are the governance pillars ensuring the AML program's ongoing effectiveness and compliance.

• Independent Testing: An audit or review conducted by internal audit or a qualified third party to assess the adequacy and operational effectiveness of the AML program. It tests for adherence to policies and regulatory requirements.
• Employee Training: A continuous, mandatory program to ensure all relevant staff (from compliance to frontline sales) understand AML regulations, recognize red flags, and know their reporting obligations. Training must be tailored to employee roles and updated for new threats.

Customer Due Diligence (CDD) is the foundational process of verifying a customer's identity and assessing their risk profile. For crypto, this involves:

• Know Your Customer (KYC): Collecting and verifying government-issued ID, proof of address, and sometimes source of funds.
• Risk-Based Approach: Assigning risk levels (e.g., low, medium, high) based on factors like transaction volume, geography, and customer type.
• Ongoing Monitoring: Continuously reviewing customer transactions for consistency with their profile and risk level.

Firms must implement systems to monitor transactions for suspicious activity and file mandatory reports with financial intelligence units.

• Suspicious Activity Reports (SARs): Filed when a transaction has no apparent lawful purpose or is suspected of involving illicit funds.
• Currency Transaction Reports (CTRs): Required in some jurisdictions for transactions over a specific threshold (e.g., $10,000 in the U.S.).
• Travel Rule: Mandates that Virtual Asset Service Providers (VASPs) share sender and recipient information for transactions above a threshold (e.g., $3,000 in the U.S. and EU).

The Travel Rule is a critical AML standard requiring Virtual Asset Service Providers (VASPs) to transmit originator and beneficiary information during cryptocurrency transfers.

• Originator Information: Must include the sender's name, account number (wallet address), and physical address or national ID number.
• Beneficiary Information: Must include the recipient's name and account number (wallet address).
• Thresholds: Typically applies to transfers over $/€1,000 or $/€3,000, depending on the jurisdiction. It is a major compliance challenge for decentralized protocols.

Stablecoins, particularly those pegged to fiat currencies, present unique AML challenges due to their potential for high-volume, cross-border transactions.

• Redemption Arbitrage: Illicit actors may use stablecoins to move value and redeem for clean fiat at regulated exchanges.
• Issuer & Reserve Auditor Obligations: The entity managing the fiat reserves must have robust AML controls for minting and burning tokens.
• DeFi Pool Contamination: Illicit stablecoins mixed into decentralized liquidity pools can create compliance issues for other users and VASPs interacting with those pools.

Sanctions screening is the process of checking customers and transactions against government-issued lists of sanctioned individuals, entities, and countries.

• Office of Foreign Assets Control (OFAC): The U.S. regulator that maintains the Specially Designated Nationals (SDN) list. It has added cryptocurrency addresses to this list.
• Blockchain Analytics: Firms use tools like Chainalysis or Elliptic to screen wallet addresses against known illicit actors and sanctioned entities.
• Prohibition: It is illegal to facilitate transactions for anyone on a sanctions list, requiring VASPs to block such transactions.

Regulations require the establishment of a formal, written AML program and the retention of comprehensive records.

• Written AML Policy: Must designate a Compliance Officer, outline internal procedures, and provide for employee training.
• Record Retention: Customer identification records and transaction details must be kept for a minimum period, typically 5 years.
• Independent Testing: The AML program must be tested for effectiveness by an internal audit or third party, usually annually.

Analysis of these actions reveals consistent regulatory expectations and failure points for crypto businesses.

• Mandatory Registration: Operating as an MSB or exchange without proper licensing is a primary violation.
• Programmatic Failure: Lack of a risk-based AML program with effective KYC, transaction monitoring, and SAR filing is a universal charge.
• Sanctions Evasion: Facilitating transactions with sanctioned entities or jurisdictions leads to severe penalties.
• Personal Liability: Executives and compliance officers can face individual charges for willful blindness or direct involvement.

Core software that analyzes customer transaction data in real-time or in batches to identify suspicious patterns indicative of money laundering. These systems use rule-based algorithms and increasingly machine learning models to flag anomalies such as:

• Structuring (breaking large sums into smaller deposits)
• Rapid movement of funds between accounts
• Transactions with high-risk jurisdictions
• Activity inconsistent with a customer's profile

Automated platforms for Know Your Customer (KYC) and Customer Due Diligence processes. They streamline identity verification by aggregating data from official sources and screening against:

• Government-issued ID verification
• Politically Exposed Persons (PEP) lists
• Sanctions lists (OFAC, UN, EU)
• Adverse media databases These tools create risk profiles and enable ongoing monitoring for changes in customer status.

Technology that automatically screens customer names, beneficiaries, and counterparties against global sanctions lists, law enforcement lists, and internal watchlists. Key features include:

• Fuzzy matching algorithms to account for name variations and transliterations
• Real-time screening of payment messages (e.g., SWIFT)
• Periodic batch screening of entire customer databases
• Reducing false positives through contextual analysis

Workflow systems that manage the lifecycle of AML alerts, from initial detection to filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR). They provide:

• Centralized alert queues and investigator dashboards
• Audit trails for all decisions and actions
• Automated report generation for regulators (e.g., FinCEN)
• Tools for documenting evidence and closing cases

Specialized tools for monitoring cryptocurrency transactions across public blockchains. They address the pseudonymous nature of crypto by using cluster analysis and heuristic algorithms to:

• Map wallet addresses to real-world entities (exchanges, services)
• Trace the flow of funds from illicit sources
• Identify mixing service (tumbler) usage
• Score risk based on transaction history and counterparties

Systems that automate the implementation of a Risk-Based Approach, a core FATF requirement. They calculate dynamic risk scores for customers, products, and geographies by weighting factors like:

• Customer type (e.g., PEP, MSB)
• Transactional behavior patterns
• Geographic risk of origin/destination
• Product risk (e.g., private banking, correspondent banking) These scores dictate the level of due diligence and monitoring applied.

A foundational AML procedure where a business verifies the identity of its clients. In crypto, this typically involves collecting government-issued ID, proof of address, and sometimes a live photo. KYC is mandatory for regulated exchanges and custodial services to establish a customer's risk profile and monitor transactions for suspicious activity.

A key global standard requiring Virtual Asset Service Providers (VASPs) to share originator and beneficiary information for transactions above a certain threshold (e.g., $1,000/$3,000). It mandates sharing:

• Originator's name, account number, and physical address.
• Beneficiary's name and account number. This rule aims to maintain transaction transparency akin to traditional wire transfers.

The ongoing, automated surveillance of user transactions to identify patterns indicative of money laundering or terrorist financing. Systems flag activities like:

• Structuring (Smurfing): Breaking large sums into smaller, less conspicuous transactions.
• Rapid Movement: Funds moving through multiple wallets/exchanges in quick succession.
• Interaction with high-risk addresses (e.g., sanctioned entities, mixers). Flagged transactions trigger Suspicious Activity Reports (SARs).

OFAC administers and enforces U.S. economic sanctions programs. For crypto, OFAC maintains the Specially Designated Nationals (SDN) List, which includes sanctioned wallet addresses. Compliance requires VASPs to:

• Block transactions from/to SDN-listed addresses.
• Reject dealings with sanctioned jurisdictions.
• Report any blocked property to OFAC. Non-compliance results in severe penalties.

The global money laundering and terrorist financing watchdog. Its 40 Recommendations set the international standard for AML/CFT (Combating the Financing of Terrorism). FATF's 2019 guidance extended these standards to Virtual Asset Service Providers (VASPs), critically shaping how countries regulate crypto exchanges, wallet providers, and other custodial services.

A confidential document filed by financial institutions, including crypto VASPs, with a national Financial Intelligence Unit (FIU) when they detect potentially illicit activity. Filing a SAR is a legal obligation that protects the institution while alerting authorities. It contains details of the suspicious transaction, the parties involved, and the reasons for suspicion, without notifying the customer.