Know every wallet.
Clear every risk.

Crypto AML is the set of controls, policies, and tools that virtual asset businesses use to detect and prevent money laundering through blockchain transactions. It encompasses KYC/CDD at onboarding, ongoing transaction monitoring, sanctions screening, and SAR filing. FATF Recommendation 15 requires VASPs to apply AML controls equivalent to traditional financial institutions — with active enforcement in the EU (MiCA/TFR), US (FinCEN/BSA), and UK (FCA). Beyond legal compliance, effective crypto AML protects organisations from processing criminal proceeds — which creates asset freeze risk, reputational damage, and potential secondary liability exposure.

A complete programme includes: (1) Customer Due Diligence (KYC) — verifying identity at onboarding and applying EDD for high-risk users; (2) ongoing transaction monitoring — screening wallet addresses at every deposit and withdrawal using blockchain analytics; (3) sanctions screening — checking wallets against OFAC SDN and equivalent lists; (4) Travel Rule compliance — collecting and transmitting originator/beneficiary data above jurisdiction thresholds; (5) SAR/STR filing — reporting suspicious activity to the relevant FIU; and (6) record-keeping — maintaining documentation for the required retention period.

The FATF Travel Rule (Recommendation 16) requires VASPs to collect and transmit originator and beneficiary identity data with virtual asset transfers above a threshold — typically USD/EUR 1,000, with no threshold under the EU's Transfer of Funds Regulation. Travel Rule compliance is a parallel obligation to transaction monitoring — passing identity data does not discharge the duty to screen funds for illicit exposure.

A SAR is required when you know, suspect, or have reasonable grounds to suspect that a transaction involves proceeds of crime or terrorist financing. This covers: direct OFAC-sanctioned wallet exposure, near-direct darknet or ransomware interaction, structuring behaviour, and customers whose on-chain activity is inconsistent with their stated source of funds. Critically: once you have filed a SAR, you must not tip off the subject — disclosure is prohibited in most jurisdictions and can constitute a criminal offence.

This is one of the most contested questions in crypto regulation. Truly decentralised protocols without a central operator are not yet clearly classified as VASPs in most jurisdictions. However, frontend operators, deployer teams, governance multisig holders, and entities receiving protocol fees face increasing scrutiny and potential VASP classification. The EU's MiCA and evolving FATF guidance both push toward broader coverage of DeFi participants over time.

The obligations are structurally similar — KYC, monitoring, SAR filing — but the technical tools differ fundamentally. Traditional AML monitors bank account names and transaction narratives; crypto AML monitors blockchain address graphs. The key advantage: the complete transaction history of every wallet address is permanently public on-chain. Analytics tools can trace fund flows across years of history in seconds — which is why FATF considers well-implemented crypto AML potentially more effective than traditional financial monitoring.

Real-time at every deposit and withdrawal for regulated VASPs — this is the FATF Recommendation 15 standard. Onboarding-only screening misses all post-signup activity and does not satisfy the ongoing monitoring obligation. For existing wallets: periodic batch re-screening at least quarterly for standard-risk users, more frequently for high-value accounts. Analytics databases update continuously — a clean address can be re-attributed to a newly-identified illicit cluster without any new on-chain activity from your user.

Yes — false positives are inherent to probabilistic heuristic clustering. Common scenarios: CoinJoin users, large exchange hot wallets shared across thousands of customers, and addresses recently re-attributed to newly-identified illicit entities. Build a documented dispute resolution process with a clear SLA (typically 5 business days). Track your false positive rate quarterly — above 10–15% of blocked accounts being cleared signals miscalibrated thresholds, not insufficient blocking.

cmply is purpose-built for compliance teams who need answers fast — not analysts building forensic cases. Where Chainalysis KYT and TRM Labs are API-first tools that output raw data into your existing workflow, cmply gives you a full investigation UI: entity identification, risk scoring, transaction tracing, portfolio visibility, and internal case management in one platform. It's the right fit for regulated businesses that need compliance intelligence without building a custom integration stack.