Blockchain Transaction Screening

Virtual Assets and the Regulatory Frame

A Virtual Asset (VA) is a digital representation of value that can be traded or transferred and used for payment or investment. A Virtual Asset Service Provider (VASP) is a business that exchanges, transfers, safekeeps, or administers virtual assets. The Financial Action Task Force (FATF) requires countries to license or register VASPs and apply the full AML/CFT framework to them: customer due diligence, record-keeping, suspicious-activity reporting, and sanctions screening.

The headline rule is the Travel Rule, codified in FATF Recommendation 16. It requires that for qualifying VA transfers, the originating VASP collect and transmit required originator and beneficiary information to the receiving VASP.

A common exam trap is confusing the two thresholds: FATF recommends USD/EUR 1,000, while the long-standing U.S. funds-transfer/Travel Rule figure is USD 3,000. Know both.

Beyond the Travel Rule, a VASP must perform the same core obligations as a bank: Customer Due Diligence (CDD) and identity verification at onboarding, Enhanced Due Diligence (EDD) for higher-risk customers, ongoing transaction monitoring, sanctions screening, record-keeping, and filing suspicious-activity reports.

The wrinkle unique to virtual assets is the counterparty VASP problem: the originating institution must identify whether the receiving wallet belongs to another regulated VASP (so Travel Rule data can be exchanged) or to a self-hosted (unhosted) wallet, which carries higher risk because there is no obligated counterparty to receive the information. Transfers to unhosted wallets often warrant additional scrutiny or collection of beneficiary information directly from the customer.

On-Chain Analytics and Laundering Typologies

Public blockchains (Bitcoin, Ethereum) are pseudonymous, not anonymous: every transaction is permanently recorded, so blockchain analytics tools (e.g., the category of firms such as Chainalysis and Elliptic) can cluster addresses, attribute them to exchanges or illicit services, and trace the flow of funds. Screening compares wallet addresses and counterparties against risk databases and sanctions lists (such as OFAC's listing of specific virtual-currency addresses).

Laundering methods that screening must detect include:

• Mixers / tumblers that pool and redistribute funds to break the trail.
• Chain-hopping (swapping one asset for another, or moving across chains) to obscure provenance.
• Privacy coins (e.g., Monero) engineered to defeat tracing.
• Peel chains, where small amounts are peeled off across many hops.
• Nested services / unregistered exchanges operating inside a compliant VASP.

Worked scenario

A VASP receives an inbound transfer whose funds, two hops earlier, passed through a wallet attributed by analytics to a sanctioned darknet marketplace. The correct response is risk-based escalation: freeze or hold per sanctions obligations, file a SAR/STR as required, and document the on-chain trace as evidence. Simply completing the trade because "the immediate sender looked clean" ignores the provenance that analytics revealed.

Blockchain analytics also enables proactive controls a traditional bank cannot replicate. Because the ledger is public and immutable, an institution can score an address before accepting funds, assigning a risk rating based on the address's exposure to sanctioned entities, darknet markets, scams, mixers, or sanctioned mixers like those OFAC has designated. It can also conduct post-transaction tracing to follow proceeds for an investigation or to respond to a law-enforcement request.

This is fundamentally different from fiat monitoring, where an institution sees only its own ledger and must request information from correspondents to follow funds further. The exam may contrast the two: in crypto, the trail is already public, so the institution's job is attribution and risk scoring, not reconstruction from scratch.

Exam-ready reminders:

• Pseudonymity means traceable, not untouchable, but mixers and privacy coins raise risk and may justify enhanced due diligence or refusal of the transaction.
• VASPs owe the same CDD, screening, monitoring, and reporting duties as banks.
• Direct exposure to a sanctioned address can trigger strict-liability sanctions violations, not just AML risk; OFAC has listed specific virtual-currency addresses on the SDN List.
• The Travel Rule applies even when one side is a self-hosted (unhosted) wallet, subject to jurisdictional rules; unhosted-wallet transfers warrant added scrutiny.
• Blockchain analytics supports both pre-transaction screening and post-transaction tracing, a capability fiat monitoring lacks.

Finally, understand the risk-rating logic behind address screening, because the exam may present it as a scenario. Analytics tools express exposure as direct (your customer transacted straight with an illicit address) or indirect (illicit funds reached your customer through one or more intermediary hops). Direct exposure to a sanctioned address is the most serious and typically requires immediate action; indirect exposure is weighed by the number of hops, the amount, and the nature of the intermediary, since funds that passed through many ordinary wallets are weaker evidence than a single hop from a sanctioned mixer.

A risk-based program sets internal thresholds for when exposure requires escalation, EDD, a report, or refusal, and documents those thresholds just as it would for any monitoring rule. The same proportionality the exam rewards elsewhere applies here: act decisively on direct sanctions exposure, and apply judgment, calibrated to hop distance and value, to indirect exposure.