Best Practices for Transaction Monitoring for Crypto

Guide to transaction monitoring for crypto - best practices to build AML compliance programs

Crypto has introduced new possibilities for users across the financial landscape. It also disrupts the way regulation and financial institutions deal with criminal threats such as money laundering and terrorism financing.

In June 2021, the U.K. police seized $160 million in cryptocurrency in a money-laundering investigation, while the U.S. saw more than 80,000 cryptocurrency frauds in 2020 alone.

Both financial institutions and crypto companies - otherwise known as Virtual Asset Service Providers or VASPs - collect personal data on participants in transactions to reduce fraud and money laundering by removing anonymous transactions.

As the foundation of effective AML, the process requires VASPs to scrutinize users’ transactional behaviors in a quest to spot an attempt to commit crimes.

What is Transaction Monitoring?

Monitoring transactions is required as part of customer due diligence (CDD) for AML compliance. Companies need to know their customers.

Financial Action Task Force (FATF) recommends exchanges report transactions over $/€1000, including cryptocurrency. On the other hand, E.U.: 5th AMLD considers cryptocurrencies and crypto exchanges “obliged entities” that must follow CFT/AML regulations.

Exchanges must perform Customer Due Diligence (CDD) and submit any suspicious activity reports (SAR). As a result, cryptocurrency exchanges and wallets - must now register with the competent authorities (such as Germany’s BaFin or the U.K.'s Financial Conduct Authority) in their domestic locations.

Why is Transaction Monitoring important?

Since regulation of VASPs by the FATF began back in 2019, it has included crypto exchanges as virtual asset service providers.

Firms will embrace transaction monitoring for two good reasons—compliance and anti-fraud.

1. Fraudsters rob you and your customers

Crypto fraud has many faces- Financial Crimes, Scam Initial Coin Offerings, Pump and Dump Schemes, Market Manipulation, Ponzi Schemes, Traditional Theft, Broker/Dealer Fraud, and Unscrupulous Promotors. As such, CFTC takes crypto enforcement seriously; it is a top priority because of its high risks for investor fraud. Even without regulatory fines, monitoring transactions reduces fraud.

2. Avoid regulatory fines

Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance are structured to make crypto exchanges secure. KYC/AML regulations have become more rigid in the past year, and different countries are amending their laws for customers’ due diligence. The E.U.’s 6AMLD requires all crypto transactions to have Ultimate Beneficiary Owner, also included in AML regulations.

Huge fines resulting from breaches in compliance are forcing all stakeholders to keep up with regulations. In 2020, AML compliance fines totalled $10.38 billion worldwide, almost double the 2019 figure ($5.72 billion). By 2021, the fines were over $20 billion. VASPs must comply with the crypto regulations at all costs—otherwise, they face heavy penalties.

What do crypto companies have to report?

Crypto companies do not need KYC on customers when they open an account but do so for the transaction, especially in the E.U. and U.S.

Transaction monitoring for crypto follows these steps:

  • KYC check (who is the customer).
  • Transaction Identification and analysis of the cluster (an example crypto anonymous address).
  • Transaction analysis for any abnormal exchanges behaviors.
  • Deliver an end report (especially from Crypto to FIAT).

Travel Rule for VASPs

The roll-out of the FATF Travel Rule concerns cross-border and domestic wire transfers. The information meant to “travel” from originator account to beneficiary accounts both within and across national borders needs to be submitted.

Specifically, FATF Travel Rule Recommendation 16 directs VASP originators (or senders) of transfers need to submit the following information:

  • Sender name
  • Sender account number
  • Sender address (or ID, date and place of birth)
  • Beneficiary name
  • Beneficiary account number

FATF considered this information an integral component of a robust anti-money laundering regulatory framework. Creating KYC checks helps crypto services serve global users from day one.

The travel rule for VASPs compliance is not so simple or easy—the industry is built on anonymous, decentralized financial transactions, and attempts to collect the FATF’s benchmark of Know Your Customer (KYC) information have not been straightforward.

How companies can effectively integrate identity verification

While bringing VASPs into the fold of regulations once reserved for traditional financial companies would never be straightforward, it is slowly but surely proving to be possible. The future of VASPs in a world of more discerning and widespread compliance regimes no longer seems impossible.

Implementing the Travel Rule for VASPs to meet regulatory requirements helps firms safeguard against fraud and other crypto crimes. Compliance builds trust amongst users. Companies can have identity verification performed by a service provider while they focus on their end-users. Having a service provider takes away the need to store sensitive customer data vulnerable to hacks, reassuring customers.

How do companies in crypto implement KYC checks?

  • Build a branded identity verification into the product as an option and insist on full KYC to achieve perks or withdraw any funds.
  • Educate end-users transparently — the most well-established exchanges use FAQs and explainers to educate their users on the importance of identity verification.
  • IDV increases security and CX in one go — companies can leverage this to prevent cases of account takeover. Features such as Passbase’s Identity Timeline give exchanges a 360-degree view of customers.
  • Use solutions that have localization — crypto exchanges are often not up to par with their AML policies. There are tested identity verification solutions that serve global markets by taking global documents, multilanguage options, and translation interfaces.


There’s no way of escaping it — AML compliance is compulsory. Therefore, you need an effective KYC procedure in place.

KYC and AML compliance helps protect your exchanges from financial criminals. Still, its manual processes come with tons of challenges, such as expensive third-party services, long wait times, and data security breaches.

Luckily, Passbase solves all these problems with one ready-made automated KYC solution. Cut out friction and unnecessary costs in your onboarding while ensuring you stay compliant with all AML regulations, now and into the future. So what are you waiting for? Sign up with Passbase.

Learn more about KYC procedures and subscribe to our newsletter to find out about future events.

Get the latest news from Passbase

Passbase © 2023


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.