What Is KYT (Know Your Transaction)?

The complete global guide for banks, CASPs, payment providers, and compliance teams across MiCA, FCA, FinCEN, VARA, MAS, and FATF jurisdictions.

What this guide covers

Know Your Transaction (KYT) is the process of monitoring, analyzing, and assessing cryptocurrency transactions to identify financial crime risks, sanctions exposure, suspicious activity, and compliance concerns.

Unlike Know Your Customer (KYC), which focuses on verifying customer identities during onboarding, KYT focuses on understanding how digital assets move across blockchain networks and whether those transactions create regulatory or risk management concerns.

KYT has become a critical component of modern crypto compliance programs. Banks, Crypto-Asset Service Providers (CASPs), exchanges, custodians, payment providers, and fintech companies use KYT to strengthen Anti-Money Laundering (AML) controls, detect suspicious activity, investigate high-risk transactions, and meet obligations across multiple regulatory jurisdictions.

Why KYT matters in crypto compliance

The rapid growth of digital assets has created significant opportunities for financial institutions. Banks are exploring crypto custody services. Payment providers are supporting digital asset transfers. Institutional investors are increasing their exposure to digital assets. CASPs are expanding operations across multiple jurisdictions.

At the same time, regulators across Europe, the United States, the United Kingdom, the Middle East, and Asia-Pacific have intensified their focus on financial crime risks within the digital asset ecosystem. Unlike traditional banking systems, blockchain transactions can cross borders instantly, interact with decentralised services, and involve counterparties operating under entirely different regulatory frameworks.

A customer may successfully pass onboarding checks, provide legitimate identification, and appear low risk during account opening. However, weeks or months later, that same customer could receive funds from a wallet associated with sanctions violations, ransomware groups, darknet marketplaces, fraud schemes, or other forms of illicit activity. Identity verification alone cannot identify these risks.

Expert insight
Most compliance failures in crypto do not happen at onboarding. They happen afterwards. A customer who passes every KYC check on day one can receive funds from a sanctioned entity on day 90. The compliance gap is not in who you onboard. It is in what you monitor once they are active. KYT exists to close that gap, and regulators in every major jurisdiction are now examining whether firms have done so.

The evolution of crypto compliance

In traditional finance, compliance frameworks typically rely on customer due diligence and transaction monitoring within closed, regulated financial networks. The crypto ecosystem operates differently. Funds can move between centralised exchanges, decentralised protocols, self-hosted wallets, custodians, payment services, and cross-chain bridges in minutes, across jurisdictions that may have no regulatory relationship with each other.

This requires additional layers of visibility that traditional compliance tooling was not designed to provide.

| Traditional compliance framework | Crypto compliance framework |
| --- | --- |
| Customer Due Diligence (CDD) | Customer Due Diligence (CDD) |
| Transaction monitoring | Wallet screening |
| Investigation | KYT transaction monitoring |
| Regulatory reporting | Risk scoring and prioritisation |
| | Investigation and case management |
| | Regulatory reporting and SAR filing |

KYT does not replace traditional compliance controls. It extends them to address the unique characteristics of blockchain-based transactions, providing the additional layer of intelligence that regulators across every major jurisdiction now expect financial institutions to demonstrate.

What risks is KYT designed to identify?

Effective KYT programs help organisations identify a broad range of financial crime and compliance risks. The scope extends well beyond money laundering.

Money laundering
Criminal actors may attempt to obscure the origin of funds through complex transaction chains, multiple wallet transfers, or interactions with high-risk services. KYT helps identify layering, structuring, and other money laundering techniques.
Sanctions exposure
Organisations need to identify transactions involving sanctioned individuals, entities, or services. KYT helps compliance teams assess both direct and indirect exposure, including multi-hop connections to OFAC or United Nations designated entities.
Fraud and scams
Investment scams, phishing attacks, romance fraud, and social engineering schemes frequently involve cryptocurrency transactions. KYT provides visibility into wallet behaviour and transaction patterns that may indicate fraudulent activity.
Ransomware
Many ransomware operators demand payment in digital assets. KYT helps identify transactions involving wallets attributed to known ransomware operations, supporting investigations and potential Suspicious Activity Report (SAR) filing.
Darknet exposure
Transactions connected to darknet services represent elevated compliance and reputational risks. KYT helps organisations identify exposure to these environments across multiple hops and apply appropriate controls.
Terrorist financing
Digital assets have been used to move funds for terrorist organisations. KYT helps organisations identify wallet exposure to designated groups and supports obligations under FATF Recommendation 15 and jurisdiction-specific counter-terrorism financing rules.
High-risk jurisdictions
Some transactions may involve jurisdictions subject to enhanced due diligence requirements or international sanctions regimes. KYT provides contextual intelligence that supports risk-based decision making.

How KYT works in practice

Although implementation varies between organisations, most KYT programs follow a similar process. The objective is to transform raw blockchain transaction data into actionable compliance intelligence.

1) Monitoring blockchain activity

Every blockchain transaction creates a permanent, immutable record. KYT platforms continuously collect and analyse this data across supported networks, creating real-time visibility into the movement of digital assets between wallet addresses. This forms the foundation of all subsequent risk assessments.

2) Wallet attribution and entity identification

Raw blockchain data provides limited insight on its own. A wallet address is a string of characters without context. KYT solutions enrich transaction data by identifying known entities associated with wallet addresses, including exchanges, custodians, payment providers, decentralised protocols, darknet services, mixer services, and sanctioned entities. This context helps compliance teams understand who may be involved in a transaction, not just where funds moved.

3) Risk assessment and scoring

Once transaction context has been established, risk indicators are evaluated. Transactions may be assessed based on exposure to sanctions, suspicious counterparties, unusual behavioural patterns, high-risk jurisdictions, indirect hop-depth connections, or other indicators defined within an organisation's compliance framework. The objective is to prioritise activity that warrants further review, not to flag every transaction.

4) Alert generation and investigation

When predefined risk thresholds are exceeded, alerts are generated for compliance review. Investigators can assess the activity, review entity attribution and transaction path evidence, document findings, and determine whether escalation, enhanced due diligence, or regulatory reporting is required. Structured investigation workflows improve consistency and audit readiness.
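
The four steps above, as an added example (not Scorechain's code and not part of the original guide): it indexes a constructed ledger, walks upstream to labelled addresses, discounts risk by hop depth, and returns an alert record with the transaction path as evidence. Addresses, labels, category weights, the 0.8 hop decay, and the alert threshold are all constructed assumptions, and exposure here is path-based rather than value-weighted.

```python
"""Hop-depth exposure check: ingest transfers, attribute, score, alert."""
from collections import defaultdict, deque

# Constructed sample ledger of (sender, receiver) transfers. All addresses are made up.
TRANSFERS = [
    ("addr_sdn", "addr_h3"),
    ("addr_h3", "addr_h2"),
    ("addr_h2", "addr_h1"),
    ("addr_h1", "addr_customer_a"),      # designated entity sits 4 hops upstream
    ("addr_exchange", "addr_customer_a"),
    ("addr_exchange", "addr_customer_b"),
    ("addr_ransom", "addr_customer_c"),  # direct (1-hop) exposure
    ("addr_mixer", "addr_exchange"),     # upstream of a labelled service
]

# Step 2 input: attribution labels (constructed for this example).
LABELS = {
    "addr_sdn": "sanctioned",
    "addr_ransom": "ransomware",
    "addr_mixer": "mixer",
    "addr_exchange": "exchange",
}

# Step 3 inputs: hypothetical category weights on a 0-100 scale.
CATEGORY_WEIGHT = {"sanctioned": 100, "ransomware": 90, "mixer": 60, "exchange": 5}
HOP_DECAY = 0.8        # assumed: each extra hop keeps 80% of the weight
ALERT_THRESHOLD = 50   # assumed risk appetite
MAX_HOPS = 5           # assumed tracing depth


def build_inbound_index(transfers):
    """Step 1: index the ledger so each address maps to the addresses that funded it."""
    inbound = defaultdict(set)
    for sender, receiver in transfers:
        inbound[receiver].add(sender)
    return inbound


def trace_exposure(address, inbound, labels, max_hops=MAX_HOPS):
    """Step 2: breadth-first walk upstream; return (label, hops, path) per labelled source.

    Tracing stops at a labelled address. Funds held by a service are commingled,
    so walking through it would attribute unrelated activity to the customer.
    """
    findings = []
    seen = {address}
    queue = deque([(address, 0, [address])])
    while queue:
        current, hops, path = queue.popleft()
        if hops == max_hops:
            continue
        for sender in sorted(inbound.get(current, ())):
            if sender in seen:
                continue  # cycle guard; BFS reaches each address by its shortest path first
            seen.add(sender)
            new_path = path + [sender]
            if sender in labels:
                findings.append((labels[sender], hops + 1, new_path))
            else:
                queue.append((sender, hops + 1, new_path))
    return findings


def score_finding(label, hops):
    """Step 3: category weight, discounted for every hop beyond the first."""
    return CATEGORY_WEIGHT[label] * HOP_DECAY ** (hops - 1)


def assess(address, inbound, labels=LABELS):
    """Step 4: build the alert record, keeping the path so a reviewer can see why it fired."""
    scored = [
        {"category": label, "hops": hops, "path": path,
         "score": round(score_finding(label, hops), 1)}
        for label, hops, path in trace_exposure(address, inbound, labels)
    ]
    scored.sort(key=lambda f: f["score"], reverse=True)
    top = scored[0]["score"] if scored else 0.0
    return {"address": address, "risk_score": top,
            "alert": top >= ALERT_THRESHOLD, "findings": scored}


if __name__ == "__main__":
    index = build_inbound_index(TRANSFERS)
    for customer in ("addr_customer_a", "addr_customer_b", "addr_customer_c"):
        result = assess(customer, index)
        print(customer, result["risk_score"], "ALERT" if result["alert"] else "ok")
        for f in result["findings"]:
            print("   ", f["category"], f["hops"], " <- ".join(f["path"]))
```

Calling trace_exposure with max_hops=3 drops the sanctioned finding for addr_customer_a, which is why tracing depth is a calibration decision to document rather than a default to accept.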

The three pillars of effective KYT

Many organisations approach KYT as a technology procurement decision. In practice, the most effective compliance programs recognise that transaction monitoring requires three capabilities working together.

1) Visibility

Organisations cannot manage risks they cannot see. The first objective of any KYT program is to provide genuine visibility into the movement of digital assets across blockchain networks. Compliance teams need to understand where funds originate, where they are sent, which entities are involved, and how assets move across the broader ecosystem including cross-chain bridges, mixing services, and decentralised protocols. Without visibility, compliance is reactive by definition.

2) Risk intelligence

Visibility alone is not sufficient. Modern blockchain networks generate enormous volumes of transaction data. The challenge is not obtaining data but understanding what it means. A transaction involving a newly created wallet may appear benign. Additional analysis may reveal indirect exposure to a sanctioned entity four hops away, or a behavioural pattern consistent with layering across 11 wallets on three different networks. Risk intelligence is what separates raw data from actionable compliance insight.

3) Investigation readiness

Alert generation is the easiest part of KYT. Investigation is where compliance programs succeed or fail. An effective KYT program ensures that when an alert fires, the compliance team can immediately understand why it fired, which specific risk indicators were identified, how severe the risk may be, and what evidence supports the decision. Regulators examining KYT programs do not simply look for alert counts. They look for documented, reasoned decisions.

KYT in practice: four scenarios

The following scenarios illustrate how Scorechain's KYT capabilities identify compliance risks across different customer types and risk categories. All situations are illustrative. Statistics are verified Scorechain platform figures.

Scenario 1 | European bank / crypto custody | Risk: Indirect sanctions exposure

Indirect sanctions exposure detected four hops from source

The situation

A mid-sized European bank onboards an institutional client for crypto custody services. The client passes all Know Your Customer (KYC) checks, is categorised as low risk, and shows no adverse screening results at onboarding. Three months into the relationship, the client receives a transfer of digital assets.

What Scorechain identified

Scorechain's transaction monitoring identifies that the incoming transfer originates from a wallet with indirect exposure to a designated entity on the Office of Foreign Assets Control (OFAC) Specially Designated Nationals list. The exposure is detected four hops from the source wallet, a depth that manual review would not reliably surface. The alert is generated within 300 milliseconds of the transaction being submitted. The compliance team receives a structured case file including the transaction path, risk score, entity attribution, and hop-depth visualisation.

Outcome

The bank's compliance team escalates the transaction for Enhanced Due Diligence (EDD) review. The client provides documentation confirming the funds originated from a legitimate institutional counterparty. The case is closed with a full audit trail. Because the alert was generated before settlement, the bank acts before assets are moved again, avoiding a potential regulatory breach and the supervisory consequences that accompany undetected sanctions exposure.

Scorechain platform: 939,000+ labelled entities across 50+ blockchains. Indirect exposure detection at configurable hop depths. 300ms API response time.

Scenario 2 | EU-regulated CASP / MiCA-authorised | Risk: Money laundering (layering)

Layering pattern identified across 11 wallets and three blockchain networks

The situation

A CASP operating under the Markets in Crypto-Assets Regulation (MiCA) notices that a customer who has been active for six weeks begins rapidly cycling funds across a series of self-hosted wallets before returning assets to the exchange. Transaction amounts vary slightly each time, consistent with structuring behaviour designed to avoid automated thresholds.

What Scorechain identified

Scorechain's KYT monitoring identifies a behavioural pattern across 11 distinct wallet addresses over a 72-hour window. The system traces the asset flow across three blockchain networks, flags the structuring pattern against the customer's established transaction profile, and generates a risk-scored alert for compliance review. Of the 1.5 million AML checks Scorechain processes daily, behavioural deviation alerts of this type represent the highest-value investigative outputs for compliance teams, providing documented grounds for SAR consideration.

Outcome

The CASP's compliance team opens a case, reviews the full transaction history, and determines the behaviour cannot be explained by legitimate trading activity. A Suspicious Activity Report (SAR) is filed with the relevant financial intelligence unit. The account is subject to enhanced monitoring. The structured alert removes manual blockchain tracing from the investigator's workflow and provides a defensible record of the compliance decision.

Scorechain platform: 1.5M+ AML checks processed daily. Multi-chain tracing across 50+ supported networks. Behavioural deviation scoring against established customer profiles.

Scenario 3 | Digital asset payment provider | Risk: Ransomware exposure

Ransomware wallet exposure flagged one hop from an inbound stablecoin payment, pre-settlement

The situation

A payment provider processing digital asset transactions on behalf of business clients receives an inbound stablecoin payment. The sending wallet has not previously appeared in the provider's transaction history and carries no surface-level indicators of risk.

What Scorechain identified

Scorechain identifies the sending wallet as having direct exposure to a wallet cluster attributed to a known ransomware operation within its database of 939,000+ labelled entities. The exposure is one hop from the sending address. Because Scorechain monitors 470+ stablecoins across supported chains, the detection occurs regardless of the specific stablecoin denomination used. The alert reaches the compliance team within 300 milliseconds, before settlement is confirmed.

Outcome

The payment provider places the transaction on hold pending review. The compliance team confirms the attribution and contacts the business client to investigate the source of funds. The transaction is rejected and the case documented for regulatory purposes. The provider avoids processing a payment that would have created direct exposure to illicit finance and potential sanction under both Financial Crimes Enforcement Network (FinCEN) guidance and the relevant jurisdiction's AML regulations.

Scorechain platform: 470+ stablecoins monitored. 939,000+ labelled entities. Sub-second alert generation enabling pre-settlement intervention.

Scenario 4 | Regulated digital asset fund manager | Risk: Darknet marketplace exposure

Three-hop darknet exposure identified in a routine portfolio rebalancing transaction

The situation

A regulated digital asset fund manager executes a portfolio rebalancing transaction, transferring Bitcoin holdings through a custodian to a liquidity provider. The transaction is operationally routine and involves counterparties the fund has worked with previously. Standard pre-trade checks raise no concerns.

What Scorechain identified

Scorechain's post-trade transaction monitoring identifies that the liquidity provider's settlement wallet has indirect exposure to a darknet marketplace through a chain of three intermediate wallets. The exposure sits two hops from the liquidity provider's address and three hops from the fund's own transaction. Without automated hop-depth analysis, this connection is invisible to manual review. Scorechain surfaces the exposure with entity attribution, risk scoring, and a transaction path visualisation, providing the evidence needed to assess materiality.

Outcome

The fund's compliance team reviews the case and determines the exposure, while indirect, warrants escalation to the risk committee and a review of the liquidity provider relationship. Enhanced due diligence is initiated. The episode is documented in full, demonstrating proactive risk management to auditors and institutional investors. It also illustrates why direct counterparty checks alone are insufficient: the risk was three hops away from the fund's own transaction.

Scorechain platform: Multi-hop exposure detection across 50+ blockchain networks. 939,000+ labelled entities including darknet services, mixers, and high-risk protocols.

The KYT maturity model

Not all KYT programs are equally effective. Organisations tend to progress through three stages of maturity as their digital asset compliance capabilities develop.

LEVEL 1: Reactive monitoring

• Spreadsheet-based reviews and manual blockchain investigations
• Limited or single-chain visibility with no cross-chain tracing
• Reactive, point-in-time checks rather than continuous monitoring
• High operational workload with inconsistent documentation
• Alert volume ungoverned and alert quality unmeasured

LEVEL 2: Risk-based monitoring

• Automated alerts based on predefined risk thresholds
• Wallet screening integrated into transaction workflows
• Risk scoring and prioritisation reducing investigator workload
• Defined escalation procedures and structured case management
• Consistent documentation supporting audit readiness and SAR filing

LEVEL 3: Intelligence-driven compliance

• Continuous monitoring across all supported networks with hop-depth analysis
• Advanced risk intelligence integrated into enterprise risk management strategy
• Automated case management with cross-functional collaboration
• Audit-ready documentation and data-driven decision making
• KYT outputs used to inform customer risk ratings and refresh due diligence cycles

Expert insight
The most revealing question to ask about any KYT program is not how many alerts it generates. It is how many of those alerts result in documented decisions. Regulators examining program effectiveness want to see evidence that alerts were reviewed, assessed, and resolved with a clear rationale. Alert volume without investigation quality is not a compliance program. It is a liability.

KYT vs KYC vs wallet screening

One of the most common areas of confusion in crypto compliance is the relationship between KYC, KYT, and wallet screening. These controls address different objectives and operate at different points in the customer lifecycle.

| | KYC | Wallet screening | KYT |
| --- | --- | --- | --- |
| Primary focus | Customer identity | Wallet risk | Transaction behaviour |
| Timing | Onboarding | Before and during transactions | Continuous |
| Objective | Verify who the customer is | Assess wallet-level exposure | Monitor ongoing activity |
| Key question | Who is the customer? | Is this wallet risky? | What is this transaction doing? |
| Example inputs | ID documents, PEP checks | Sanctions lists, darknet links | Layering, hop depth, flows |
| Regulatory link | FATF R.10, KYC rules | FATF R.15, sanctions screening | FATF R.16, AML monitoring rules |

These controls are complementary, not interchangeable. KYC establishes confidence in customer identity. Wallet screening identifies potential exposure at the address level. KYT monitors how assets move after onboarding begins. The strongest compliance frameworks integrate all three into a unified risk management process that operates throughout the entire customer lifecycle.

Common misconceptions about KYT

Misconception 1: KYC is sufficient
Customer onboarding checks cannot identify risks that emerge from post-onboarding transaction behaviour. A customer who receives funds from a ransomware wallet three months after passing all KYC checks presents a real compliance failure that KYC alone has no mechanism to detect. Regulators in every major jurisdiction have made clear that ongoing monitoring is a separate and distinct obligation from identity verification.
Misconception 2: KYT is only for crypto exchanges
Exchanges were early adopters, but KYT is now operationally necessary for banks offering crypto custody, payment providers processing digital assets, asset managers holding digital portfolios, fintech companies integrating blockchain payment rails, and any CASP operating under MiCA, FCA, FinCEN, VARA, or MAS frameworks.
Misconception 3: High-risk alerts mean suspicious activity
Misconception 4: KYT is a one-time configuration
Financial crime typologies evolve continuously. Monitoring rules, risk thresholds, and entity databases that were effective 12 months ago may not adequately address current threats including new mixer protocols, emerging darknet markets, cross-chain bridging techniques, or newly designated sanctions targets. Effective KYT programs require regular review and calibration.
Misconception 5: Manual processes scale
At low transaction volumes, manual blockchain review is possible. It is not sustainable. Organisations that rely on spreadsheets and ad hoc blockchain explorer searches will face a compliance capacity crisis as volumes grow, and regulators examining their programs will find the evidence trail inconsistent and incomplete.

KYT for banks

Banks entering the digital asset ecosystem face a compliance challenge that is qualitatively different from what crypto-native firms encounter. Banks operate within mature governance frameworks, are subject to supervisory examination by central banks and prudential regulators, and carry reputational exposure that a compliance failure in digital assets can damage across their entire business.

Regulators applying supervisory scrutiny to banks' digital asset programs examine not just whether policies exist, but whether controls are effective in practice. The European Banking Authority (EBA) has issued guidance making clear that AML obligations apply fully to banks' crypto-related activities. The Financial Conduct Authority (FCA) in the United Kingdom expects registered crypto firms, including bank subsidiaries, to demonstrate transaction monitoring programs proportionate to their risk exposure. The Office of the Comptroller of the Currency (OCC) in the United States has addressed the conditions under which banks may engage in digital asset activities, with AML controls as a prerequisite.

What bank supervisors look for in a KYT program

• Continuous transaction monitoring, not periodic sampling
• Documented risk-based thresholds with evidence of calibration reviews
• Structured investigation workflows producing defensible compliance decisions
• Alert quality metrics, not just alert volume
• Integration between KYT outputs and customer risk rating refresh processes
• Evidence that high-risk alerts resulted in reviewed, documented, and resolved cases
• Audit-ready records capable of supporting regulatory examination and SAR filing

Expert insight
Banks are not penalised by supervisors for identifying suspicious activity. They are penalised for failing to identify it, or for identifying it and failing to act on it in a documented and timely way. A KYT program that generates alerts but lacks investigation depth is more likely to create regulatory exposure than one that generates fewer, higher-quality alerts with complete investigation records.

KYT for CASPs

Crypto-Asset Service Providers operate at the centre of the digital asset ecosystem. Their customers interact with exchanges, self-hosted wallets, decentralised protocols, custodians, and payment networks simultaneously. This creates a more dynamic and complex risk environment than most traditional financial institutions face.

Under the Markets in Crypto-Assets Regulation (MiCA), CASPs authorised within the European Union must demonstrate robust governance, risk management, and AML compliance. The Travel Rule, as implemented across jurisdictions including the EU, UK, Switzerland, Singapore, and the UAE, also requires CASPs to collect and transmit originator and beneficiary information alongside digital asset transfers, making transaction data quality foundational to compliance.

KYT helps CASPs monitor customer activity at scale, detect behavioural anomalies, identify emerging threats in near real time, support AML and Travel Rule obligations, and improve the operational efficiency of compliance teams managing large transaction volumes.

KYT in global regulatory frameworks

KYT obligations exist across every major financial jurisdiction. While the terminology and specific requirements differ, the underlying expectation is consistent: organisations handling digital assets must monitor transactions on an ongoing basis, assess risk in context, and generate documented compliance decisions.

The Financial Action Task Force (FATF) provides the global foundation. FATF Recommendation 15 requires member jurisdictions to regulate Virtual Asset Service Providers for AML and counter-terrorism financing purposes, including transaction monitoring. The 2021 FATF Updated Guidance on Virtual Assets sets out detailed expectations for how monitoring should operate in blockchain environments, including the need to assess indirect exposure through multi-hop analysis. Every domestic framework listed below is built on this foundation.

| Jurisdiction | Regulator / Framework | KYT obligation |
| --- | --- | --- |
| European Union | MiCA + AMLD6 / EBA | Mandatory for all CASPs. No de minimis threshold on transaction monitoring under the Transfer of Funds Regulation. |
| United Kingdom | FCA / MLRs 2017 | Mandatory for FCA-registered cryptoasset businesses. FCA actively examines monitoring quality and calibration. |
| United States | FinCEN / BSA + OFAC | Mandatory for virtual currency MSBs. FinCEN enforcement actions have produced nine-figure penalties for monitoring failures. |
| UAE | VARA Regulations 2023 | Mandatory for all VARA-licensed VASPs across exchange, custody, and broker-dealer activity categories. |
| Singapore | MAS PSA / Notice PSN02 | Mandatory for DPT service providers. MAS expects monitoring proportionate to volume and risk profile. |
| Switzerland | FINMA / AMLA | Mandatory for financial intermediaries dealing in virtual assets. FINMA expects indirect exposure analysis. |
| Hong Kong | SFC / AMLO (VATP) | Mandatory for SFC-licensed VATPs. HKMA separately expects banks with crypto exposure to apply equivalent standards. |
| Japan | FSA / Payment Services Act | Mandatory for registered crypto-asset exchange service providers. Japan was among the first to implement the Travel Rule. |
| Global baseline | FATF R.15 + R.16 | Standards adopted by 200+ jurisdictions. Forms the foundation of all domestic virtual asset AML and monitoring regimes. |

Each jurisdiction translates these obligations differently. The EU and UK have the most prescriptive implementation frameworks currently in force. The US applies existing BSA obligations to virtual currency businesses through FinCEN guidance and enforcement precedent. The UAE and Singapore have built purpose-built regulatory frameworks with explicit rulebooks for each licensed activity type. Switzerland and Japan have the longest track records of virtual asset AML enforcement among non-EU jurisdictions.

Dedicated compliance guides for each jurisdiction are available in the Scorechain resource library. The remainder of this section focuses on MiCA, the framework most directly relevant to Scorechain's European client base and one of the most structurally significant developments in crypto regulation globally.

KYT and MiCA compliance

The Markets in Crypto-Assets Regulation (MiCA) represents the most comprehensive crypto-specific regulatory framework currently in force globally. While MiCA does not use the term 'KYT' explicitly, it creates specific obligations that make transaction monitoring operationally necessary for all CASPs authorised within the European Union.

MiCA requires CASPs to establish and maintain governance arrangements, risk management frameworks, and AML controls proportionate to the nature, scale, and complexity of their activities. The Transfer of Funds Regulation, which applies in parallel, removes the EUR 1,000 de minimis threshold for crypto asset transfers, meaning every transaction must be accompanied by originator and beneficiary data, and every transaction is subject to monitoring obligations.

| MiCA / AMLD6 requirement | How KYT supports compliance |
| --- | --- |
| Governance and risk management frameworks | Provides structured alert, investigation, and case documentation workflows that evidence operational compliance |
| AML and counter-terrorism financing controls | Continuous transaction monitoring with risk-scored alerts and hop-depth analysis |
| Travel Rule (Transfer of Funds Regulation) | Transaction-level data enrichment supports TFR compliance and counterparty risk assessment |
| Operational resilience | Scalable monitoring infrastructure that maintains compliance as transaction volumes grow |
| SAR filing obligations | Structured alert-to-case workflow with documentation supporting FIU reporting |
| Supervisory examination readiness | Audit-ready case records demonstrating that controls are effective in practice |

How KYT strengthens AML programs

KYT should be understood as one component within a broader Anti-Money Laundering framework, not as a standalone solution. A mature AML program includes Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), risk assessments, transaction monitoring, investigations, and regulatory reporting. KYT strengthens each of these components by providing deeper visibility into blockchain-based financial activity.

Customer due diligence may establish expected transaction behaviour during onboarding. KYT determines whether actual activity aligns with those expectations over time. Where it does not, KYT provides the documented evidence trail that supports an enhanced due diligence review, a risk rating refresh, or a SAR filing. The two processes are not alternatives. They are complementary stages of a continuous compliance lifecycle.

Common challenges when implementing KYT

While the case for KYT is clear,implementation presents operational and technical challenges that organisationsshould anticipate.

Alertfatigue and false positive rates

Poorly configured monitoring rulescan generate large volumes of alerts that prove to be low risk oninvestigation. This overwhelms compliance teams, increases response times, andreduces the overall quality of compliance decision making. Effective KYTprograms focus on improving alert precision through better risk intelligenceand regular threshold calibration, not simply maximising alert volume.

Cross-chaincomplexity

Digital assets increasingly moveacross multiple blockchain networks via bridges and interoperability protocols.A transaction that originates on Ethereum may involve assets that have passedthrough Polygon, Avalanche, or Solana. Understanding the full risk picturerequires visibility across all relevant networks, not just the chain on whichthe final transaction appears.

Evolvingfinancial crime typologies

Criminal actors adaptcontinuously. Techniques that effective monitoring would have caught 18 monthsago may now be routed differently, use new mixing protocols, or exploit newlylaunched cross-chain infrastructure. Monitoring rules and entity databases mustbe updated regularly to remain effective against current threats.

Resourceand capacity constraints

Many compliance teams face growingtransaction volumes without proportional growth in headcount. Technologyimproves efficiency and consistency, but experienced compliance professionalsremain essential for investigation quality and defensible decision making.Organisations should plan for the human capacity requirements of a mature KYTprogram, not just the technology procurement.

Multi-jurisdiction compliance harmonisation

Organisations operating across multiple jurisdictions face the challenge of meeting overlapping regulatory requirements that may have different thresholds, reporting timelines, and documentation standards. A KYT program designed for MiCA may need adjustment to also satisfy FCA, FinCEN, VARA, and MAS expectations simultaneously.

Best practices for effective KYT programs

1) Adopt a risk-based approach

Not all transactions carry the same level of risk. Compliance resources should be concentrated where they have the greatest impact. Risk-based approaches, as required by FATF, MiCA, FCA, FinCEN, VARA, and MAS alike, mean calibrating monitoring rules to the actual risk profile of the business, its customers, and its transaction types rather than applying uniform thresholds to all activity.

2) Integrate KYC, wallet screening, and KYT

No single control provides complete protection. KYC establishes identity confidence at onboarding. Wallet screening assesses address-level exposure before and during transactions. KYT monitors behavioural patterns across the full transaction lifecycle. The three controls together create a compliance framework that addresses risks at every stage of the customer relationship.

3) Monitor continuously, not periodically

Risk does not respect review schedules. A sanctions designation can be issued on any day of the year. A customer can receive funds from a ransomware wallet on a bank holiday. Continuous monitoring ensures that risks are identified as close to the point of exposure as possible, enabling intervention before assets move on and the compliance window closes.

4) Build investigation depth, not just alert breadth

Regulators examining KYT programs are not primarily interested in alert counts. They want to see that alerts are reviewed promptly, that the review process is documented, that decisions are supported by evidence, and that suspicious activity results in appropriate escalation or reporting. Alert generation without investigation infrastructure is a compliance gap, not a compliance program.

5) Review and calibrate monitoring rules regularly

The crypto ecosystem evolves faster than most compliance programs are updated. Monitoring rules that were effective against last year's typologies may be inadequate today. Organisations should schedule regular reviews of risk thresholds, entity databases, and detection logic, and should document those reviews as evidence of a living compliance program.

6) Design for multi-jurisdiction compliance from the start

Organisations with customers or operations across multiple jurisdictions should design their KYT programs to satisfy the most demanding applicable framework as a baseline. Building a program to MiCA and FCA standards simultaneously will generally produce a program that also satisfies FATF baseline expectations for other jurisdictions.

Industry trends shaping KYT

Trend | What it means for KYT programs
Increased institutional adoption | Banks, asset managers, and regulated financial institutions are deepening their involvement in digital assets. Institutional participation raises the compliance bar: the same governance standards applied to traditional finance are increasingly expected in digital assets.
Regulatory convergence across borders | Jurisdictions are converging on FATF standards as a baseline while adding domestic requirements. Organisations operating globally face overlapping obligations that require KYT programs capable of satisfying multiple frameworks simultaneously.
Travel Rule implementation | As Travel Rule implementation accelerates across the EU, UK, UAE, Singapore, and other jurisdictions, the data quality requirements for transactions increase. KYT transaction data enrichment directly supports Travel Rule counterparty assessment.
Growing transaction volumes | As crypto adoption expands, transaction volumes continue to rise. Compliance teams cannot scale headcount proportionally. Scalable, automated monitoring is no longer a competitive advantage; it is an operational necessity.
Outcome-based regulatory supervision | Regulators are shifting from process-based to outcome-based examination. They evaluate whether controls actually identify risk, not just whether policies describe how they should. KYT programs must demonstrate effectiveness through documented decisions, not simply through the existence of monitoring rules.
Cross-chain and DeFi complexity | Decentralised finance protocols and cross-chain bridges create transaction paths that are significantly more complex to trace than traditional blockchain transfers. KYT solutions increasingly require multi-chain visibility and behavioural analytics to identify risk accurately.

Frequently asked questions

Is KYT required under MiCA?

MiCA does not use the term 'KYT' explicitly, but it requires CASPs to implement governance, risk management, and AML controls that make transaction monitoring operationally necessary. The Transfer of Funds Regulation, which applies in parallel, mandates ongoing monitoring of all crypto asset transfers with no de minimis threshold.

What is FATF Recommendation 15 and how does it relate to KYT?

FATF Recommendation 15 requires member jurisdictions to ensure that Virtual Asset Service Providers are regulated for AML and counter-terrorism financing purposes, including transaction monitoring. The 2021 FATF Updated Guidance on Virtual Assets provides detailed expectations for blockchain monitoring, including risk-based approaches to indirect exposure assessment. This guidance underpins the domestic frameworks of all member jurisdictions, from the EU and UK to the US, UAE, Singapore, Switzerland, Hong Kong, and Japan.

Is KYT required in other jurisdictions beyond the EU?

Yes. Transaction monitoring obligations apply across all major financial jurisdictions. The FCA requires it for UK-registered cryptoasset businesses under the Money Laundering Regulations 2017. FinCEN requires it for US virtual currency MSBs under the Bank Secrecy Act. VARA requires it for UAE-licensed VASPs. MAS requires it for Singapore DPT service providers. FINMA requires it for Swiss financial intermediaries. The SFC requires it for Hong Kong VATPs. The FSA requires it for Japanese crypto-asset exchange service providers. The regulatory table in this article maps each jurisdiction's primary framework and obligation level.

Does KYT replace KYC?

No. KYC and KYT address different risks at different points in the customer lifecycle. KYC focuses on identity verification during onboarding. KYT focuses on transaction behaviour throughout the ongoing customer relationship. Both are required by all major regulatory frameworks.

What triggers a KYT alert?

Alerts may be triggered by direct or indirect exposure to sanctions-listed entities, transactions involving high-risk wallet clusters, behavioural deviations from established customer profiles, interactions with darknet services or mixing protocols, unusual transaction volumes or patterns, or other predefined risk indicators calibrated to the organisation's risk appetite.

Can KYT detect indirect sanctions exposure?

Yes. Hop-depth analysis is a core capability of advanced KYT programs. Exposure to a sanctioned entity that sits three or four hops from the direct counterparty may be invisible to manual review but detectable through automated multi-hop tracing. OFAC has taken enforcement action in cases involving indirect exposure.

Can banks use KYT?

Yes, and they increasingly must. Banks offering crypto custody, stablecoin payment services, or digital asset trading are expected by the EBA, FCA, OCC, and other prudential regulators to demonstrate transaction monitoring capabilities proportionate to their risk exposure.

What is the difference between KYT and blockchain analytics?

Blockchain analytics provides visibility into on-chain activity. KYT applies that visibility within structured compliance workflows, connecting transaction data to risk scores, alert generation, investigation processes, and regulatory reporting obligations. Analytics is the data layer. KYT is the compliance application of that data.

Can KYT monitor self-hosted wallets?

Yes. KYT solutions can assess transactions involving self-hosted wallets and identify relevant risk indicators including indirect exposure to high-risk services. This is particularly relevant under the Travel Rule, where interactions with self-hosted wallets may trigger enhanced due diligence requirements.

Does KYT support Travel Rule compliance?

KYT and Travel Rule compliance address different requirements but are complementary. KYT provides transaction-level risk context that supports the counterparty assessment required under the Travel Rule. Transaction data enriched by KYT helps organisations make informed decisions about whether to proceed with a transfer and whether enhanced due diligence is needed.

How does KYT support SAR filing?

KYT generates structured alert outputs that document the specific risk indicators identified in a transaction or pattern of transactions. This documentation forms the evidentiary basis for a Suspicious Activity Report, providing the compliance team with the detail needed to complete a filing that satisfies regulatory expectations for specificity and completeness.

What should organisations look for in a KYT solution?

Key evaluation criteria include: blockchain network coverage (number and range of supported chains), entity database depth and recency, hop-depth analysis capability, alert quality and false positive management, investigation workflow features, scalability to transaction volume, jurisdiction-specific compliance support, and integration with existing KYC and case management systems.

How often should monitoring rules be reviewed?

At minimum annually, and more frequently if transaction volumes grow significantly, new product lines are added, major enforcement actions highlight new typologies, or significant changes occur in the regulatory frameworks applicable to the organisation. The review should be documented as evidence of a live compliance program.

Can KYT reduce false positives?

Well-designed programs reduce false positive rates through higher-quality entity attribution, more precise risk intelligence, and regular calibration of detection thresholds to the actual risk profile of the business. Reducing false positives is as important as generating true positives: alert fatigue is a genuine compliance risk.

Is KYT relevant for stablecoins?

Yes. Stablecoins are subject to the same AML monitoring obligations as other crypto assets under MiCA, the FCA MLRs, FinCEN guidance, VARA rules, and MAS Notice PSN02. Monitoring stablecoin transactions requires a KYT solution that covers the range of stablecoins in circulation across multiple chains.

What is hop depth and why does it matter?

Hop depth refers to the number of intermediate wallet transfers between a transaction and a high-risk entity. A transaction may be one hop from your direct counterparty, or it may be four hops away through intermediate wallets. Regulators including OFAC have taken action in cases involving indirect exposure, making hop-depth analysis an essential component of sanctions screening and AML monitoring.
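
The multi-hop tracing described above, sketched as an added example (not Scorechain's code and not part of the original guide): a breadth-first trace of inbound funds that reports how many hops separate a screened wallet from each labelled high-risk entity. All wallet names, labels and transfers are constructed, and counting one hop per transfer on the path is an assumption of this example.

```python
from collections import deque

# Constructed sample data: (sender, receiver) transfers and entity labels.
TRANSFERS = [
    ("sanctioned_A", "w1"), ("w1", "w2"), ("w2", "w3"),
    ("w3", "counterparty"), ("mixer_M", "w3"),
    ("w2", "w1"),                      # cycle between two intermediate wallets
    ("exchange_X", "w4"), ("w4", "clean_cp"),
]
LABELS = {"sanctioned_A": "sanctions", "mixer_M": "mixer", "exchange_X": "exchange"}
HIGH_RISK = {"sanctions", "mixer"}     # categories that should raise exposure


def build_inbound(transfers):
    """Map each receiving wallet to the set of wallets that funded it."""
    inbound = {}
    for sender, receiver in transfers:
        inbound.setdefault(receiver, set()).add(sender)
    return inbound


def hop_exposure(wallet, transfers, labels, max_hops=4):
    """Trace funds backwards from `wallet`, breadth-first, up to max_hops.

    Returns (hops, category, path) for each high-risk entity reached,
    nearest first; path runs from the entity to the screened wallet.
    """
    inbound = build_inbound(transfers)
    seen = {wallet}                    # guards against cycles in the graph
    queue = deque([(wallet, [wallet])])
    findings = []
    while queue:
        node, path = queue.popleft()
        hops = len(path) - 1           # one hop per transfer on the path
        category = labels.get(node)
        if hops > 0 and category in HIGH_RISK:
            findings.append((hops, category, path[::-1]))
            continue                   # stop tracing past a labelled entity
        if hops == max_hops:
            continue                   # depth limit reached on this branch
        for sender in sorted(inbound.get(node, ())):
            if sender not in seen:
                seen.add(sender)
                queue.append((sender, path + [sender]))
    return findings


if __name__ == "__main__":
    for hops, category, path in hop_exposure("counterparty", TRANSFERS, LABELS):
        print(f"{hops} hops from {category}: {' -> '.join(path)}")
```

Running the same trace with `max_hops=3` returns only the mixer finding, which shows how a shallow depth limit hides the four-hop sanctions exposure.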

How does KYT differ from traditional transaction monitoring?

Traditional transaction monitoring operates within closed banking systems and focuses on account-level behavioural patterns. KYT extends monitoring to open blockchain networks, providing wallet attribution, hop-depth analysis, cross-chain tracing, and entity-level risk scoring that legacy systems are not designed to perform.

How Scorechain supports KYT

An effective KYT program requires more than blockchain visibility. Organisations need the ability to understand risk in context, investigate alerts efficiently, demonstrate compliance outcomes to regulators, and scale as transaction volumes grow.

Scorechain platform capabilities

• Monitor blockchain transactions across 50+ supported networks including Bitcoin, Ethereum, Solana, Avalanche, Polygon, and major layer-2 protocols

• Assess wallet and transaction risk with hop-depth exposure detection across 939,000+ labelled entities

• Screen 470+ stablecoins across supported chains as part of standard transaction monitoring

• Generate risk-scored alerts within 300 milliseconds via API, enabling pre-settlement intervention

• Process 1.5 million+ AML checks daily at institutional scale

• Support investigation workflows with structured case files, entity attribution, and hop-depth path visualisation

• Generate audit-ready documentation capable of supporting regulatory examination and SAR filing

• Integrate with broader AML, KYC, Travel Rule, and case management frameworks

scorechain.com | Enterprise blockchain analytics and crypto AML compliance platform

scorechain.ai | On-demand wallet screening reports for compliance teams

Headquartered in Luxembourg. Serving banks, CASPs, payment providers, custodians, and asset managers across the EU, UK, UAE, Singapore, and globally.

Final thoughts

The question facing banks, CASPs, payment providers, and asset managers is no longer whether to implement KYT, but whether the program they have is adequate for the regulatory environment they now operate in.

Across the EU, UK, US, UAE, Singapore, and every jurisdiction that has adopted FATF standards, the direction of regulatory travel is consistent: firms must demonstrate not just that monitoring policies exist, but that controls are effective, calibrated, and generating defensible compliance decisions in practice. The era of compliance-by-documentation is ending. The era of compliance-by-evidence has arrived.

Know Your Transaction is how organisations produce that evidence. Done well, it transforms blockchain activity into a documented audit trail that satisfies regulators, protects the institution, and enables confident participation in digital asset markets. Done poorly or not at all, it represents a regulatory exposure that enforcement actions in the US, Europe, and the Gulf have shown can be existential.

The firms that build rigorous KYT programs now are not just managing compliance obligations. They are building the operational foundation for long-term, trusted participation in an asset class that is becoming central to the global financial system.

Assess your KYT capabilities with Scorechain

Whether you are building a KYT program from scratch or reviewing an existing one, Scorechain's compliance specialists can help you identify gaps, configure monitoring rules, and demonstrate regulatory readiness.

Sources and regulatory references

This guide draws on the following primary regulatory sources. Organisations are encouraged to consult current versions directly, as regulatory guidance is subject to revision.

Source | Description
FATF Recommendation 15 (2019 revision) | Requires jurisdictions to regulate virtual asset service providers for AML and counter-terrorism financing purposes, including transaction monitoring obligations.
FATF Recommendation 16 | The Travel Rule requirement for wire transfers, extended to virtual asset transfers under the 2019 FATF Standards on Virtual Assets and VASPs.
FATF Updated Guidance on Virtual Assets (2021) | Detailed interpretive guidance on applying Recommendations 15 and 16 to blockchain-based transactions, including risk-based approaches to monitoring indirect exposure.
Markets in Crypto-Assets Regulation (MiCA) | Regulation (EU) 2023/1114. The primary EU framework for crypto-asset service providers, establishing governance, AML, and operational resilience requirements.
Transfer of Funds Regulation (TFR) | Regulation (EU) 2023/1113. Extends Travel Rule requirements to crypto asset transfers with no de minimis threshold within the EU.
Sixth Anti-Money Laundering Directive (AMLD6) | Directive (EU) 2018/1673. Harmonises AML criminal law across the EU and applies to crypto-related activities.
FCA Money Laundering Regulations 2017 (MLRs) | UK statutory instrument requiring cryptoasset businesses to register with the FCA and implement risk-based AML programs including ongoing transaction monitoring.
FinCEN Guidance FIN-2013-G001 | FinCEN guidance applying the Bank Secrecy Act to persons administering, exchanging, or using virtual currencies. Foundation of US virtual currency AML obligations.
VARA Virtual Assets Regulations 2023 | The UAE's comprehensive virtual asset regulatory framework issued by the Virtual Assets Regulatory Authority, including activity-specific compliance rulebooks.
MAS Notice PSN02 | Monetary Authority of Singapore notice setting out AML and CFT requirements for Digital Payment Token service providers licensed under the Payment Services Act 2019.
FINMA Guidance 02/2019 (Blockchain) | Swiss Financial Market Supervisory Authority guidance on the regulatory treatment of initial coin offerings and blockchain-based financial services, including AML obligations for virtual asset intermediaries.
SFC VATP Licensing Conditions (Hong Kong) | Securities and Futures Commission licensing requirements for Virtual Asset Trading Platforms under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, effective June 2023.
FSA Guidelines on Crypto-Asset Exchange Providers (Japan) | Financial Services Agency guidelines on AML program requirements for registered crypto-asset exchange service providers under the Payment Services Act and the Act on Prevention of Transfer of Criminal Proceeds.
EBA Opinion on Virtual Currencies (2014/2019) | European Banking Authority opinions on the application of AML obligations to virtual currency activities, underpinning EBA expectations for banks with crypto exposure.