What is ‘know your transaction’ for blockchain? A guide for payment teams

In this guide, Markus Kemptner, BVNK's Head of Anti-Financial Crime Architecture and Intelligence discusses the power of blockchain transaction monitoring in the fight against financial crime.

By
Markus Kemptner
July 19, 2023
8
min read

Introduction

As a payment professional looking to harness distributed ledger technology (DLT), you’ll need to make sure that you and your partners have the right systems and controls in place to mitigate risks and meet financial crime compliance requirements.

Like all payment rails, digital asset payment rails can be used to move illicit funds. In 2022, illicit addresses sent nearly $23.8 billion worth of cryptocurrency according to Chainalysis, with just under half going to mainstream centralised exchanges. Though Chainalysis data suggests illicit activity makes up less than 1% of total on-chain activity. 

Distributed ledger technology also brings new opportunities to tackle money laundering. Blockchain ledgers are transparent, giving us powerful new ways to continuously monitor transactions, track the flow of funds, and detect and prevent illicit activity.


What is ‘know your transaction’ on the blockchain?

Know your transaction (KYT) is a programme of monitoring online transaction data in order to detect and prevent financial crimes such as money laundering and terrorist financing. 

KYT is a key component of a broader ‘know your customer’ (KYC) programme, which includes verifying a customer’s identity and carrying out due diligence at the start and throughout the customer lifecycle. 

While KYT can also apply to fiat payments, it has come to prominence with the rise of distributed ledger technology. The transparent, auditable and permanent nature of blockchains means you can follow the flow of funds in a transaction from originator to beneficiary, as well as the entire history of those funds. 

KYT on the blockchain can also help to tackle some of the challenges that businesses face with KYC. We’ve seen issues with identification over the decades, from stolen and fake identities to more recent challenges with AI images, video and speech. In this context, customer verification, while important, is alone not enough to prevent financial crimes. 

The financial sector has had to adapt their controls, and put a stronger focus on transaction history and transaction behaviour. Here the blockchain can give us incredible insights and opportunities, in comparison to traditional payment rails.

What are blockchain analytics?

Blockchain analytics tools are commonly used by financial services providers, regulators and financial intelligence units (FIUs). They’re designed to automatically flag risks and risk exposure. They allow you to monitor transactions and detect addresses related to categories such as high-risk exchanges, gambling, sanctions or dark web markets – and not just in the transaction your business is exposed to, but several transactions backwards or forwards.

Here's an example of how it works:

  • the Office of Foreign Assets Control (OFAC) adds a digital currency address to its list of Specially Designated Nationals And Blocked Persons (SDN)
  • your business, a user of a blockchain analytics tool, is the counterparty to a transaction involving this address
  • you receive an alert immediately, allowing you to take instant action. You're alerted if you are sending or receiving funds to or from that address, or, to and from other addresses associated with that address. 


Payment teams can also work with their payment partners to create bespoke transaction monitoring rules that work for their business’ risk tolerance, for example applying specific permitted and banned addresses. 

Be sure to ask your provider what their approach is to transaction monitoring. While most providers use blockchain analytics tools, some also give added protection. At BVNK, we take a multi-layered approach, including customer identification and due diligence, and deploying blockchain analytics tools to carry out real time transaction monitoring. Plus we offer an additional layer of protection by using analytics supported by machine learning to unveil the ‘unknown’.

Tools like pattern recognition, network analytics and outlier detection can be taken to a new level with DLT. With DLT, we can use global transaction information as reference as well as proprietary data. This allows us to take a proactive approach to detect unusual behaviour, rather than only examining known high-risk and fraudulent individuals, or known financial crime patterns.

Taking this approach also allows us to rethink other traditional anti-money laundering practices and reconsider limitations like blanket transaction limits, which may create friction for legitimate payers, in favour of smarter, more targeted action. Targeted action might include for example using the full public transaction history to discover networks that 'layer' transactions and block addresses that have been used to move the proceeds of financial crimes.

Can you know the payer’s identity with crypto payments?

Because of the way blockchains work, there is no simple way to tell if the cryptocurrency belongs to a specific person, since there is no requirement to attach a real-world identity to a crypto wallet address. 

But most crypto payments are made from custodial wallets on centralised exchanges and most exchanges require that customers share their full name, government-issued ID, and up-to-date address information during signup.

Depending on your risk appetite, you can work with your payments partner to apply flags to payments received from other wallet types, where a user may not have gone through onboarding for example.

Regulators around the world are introducing new rules around customer identification for businesses who handle crypto assets, based on guidance issued by ​the Financial Action Task Force (FATF). The so-called 'Crypto Travel Rule’ will mean that in some cases (depending on transaction amount for example), crypto asset service providers and intermediaries have to share information about the payer and the beneficiary of a crypto asset transaction.

Meanwhile, the industry is also developing its own solutions to customer identification, with a number of companies pioneering reusable and portable ‘passes’ to allow cryptocurrency holders to prove their identity once, and attach that proof to all their blockchain transactions.  

“The financial sector has had to adapt their controls, and put a stronger focus on transaction history and transaction behaviour. Here the blockchain can give us incredible insights.”
Markus Kemptner
Head of Anti-Financial Crime Architecture and Intelligence, BVNK

Can you verify the source of funds with crypto payments?

While there is no simple way to tell if the cryptocurrency belongs to a specific person, you can capture a lot of detail about the provenance of funds moving over a blockchain. 

Each transaction has a unique transaction identifier, which is assigned when the transaction is started and is visible, permanent and auditable. This means that you can tell with a high degree of confidence if the cryptocurrency you’ve received is connected to illicit activity through continuous transaction monitoring and the KYT practices described earlier in this article.

Can you force closed loop payments with crypto?

‘Closed loop payments’ refers to a payment flow which ensures both inbound and outbound payments are made from and to the same registered customer, ie payouts to a customer are sent to the source of deposit.

In most cases, you can’t force ‘closed loop’ payments automatically on the blockchain. This is because most payers make payments on the blockchain using ‘custodial wallets’ held on centralised exchanges. 

For instance, if a customer deposits funds from their preferred exchange wallet, the payment is issued from a wallet belonging to the exchange. But if you want to pay back to that same customer, the address will be different, as the customer will have a dedicated beneficiary address issued by that exchange.

Because of this it may appear that the payment is not returned to the source, though in reality it is being paid back to the same person. 

There are some circumstances where you can force closed loop payments on the blockchain:

  1. When payments are made from self-custody wallets on account-based blockchains like Ethereum. These blockchains work more like email, meaning if you receive a payment you can send it back to the same address. However, some payment teams may prefer not to accept payments from self-custody wallets at all, since they don’t support customer verification.
  2. Where large payments are being made and you can justify a manual process, you can ask the payer to submit a screenshot to manually match the transaction hash from wallet to wallet.

Again, it’s important to remember that blockchains give you new and powerful ways to mitigate risk, through enhanced KYT practices I covered earlier in this article.

Reframing AML for blockchain

Regulations have been in play for a long time to help clamp down on illicit activity and mitigate money laundering risk across blockchains. The Financial Action Task Force (FATF) began publishing guidance on cryptocurrency anti-money laundering (AML) in 2014 and today various regulatory bodies have codified their recommendations into law.

As regulators continue to develop the rules, payments and compliance teams and their providers are reframing how they think about AML and counter financing of terrorism (CFT), harnessing the power of the blockchain in the fight against financial crimes. 

Despite high profile bad actors in the space, DLT payments can be as safe and often more safe than traditional payments, if you work with the right payment partners and combine it with the right technology and AML practices.

Learn how a payment partner can support you with DLT payments

Read our Buyer’s guide to blockchain payments or contact a member of our team.
Access the free guide
Subscribe

Get payment insights straight to your inbox

Thank you! You're signed up for the BVNK newsletter.
Oops! Something went wrong while submitting the form.