Step 06 · Blockchain Analytics · Ongoing Compliance

Ongoing Transaction Monitoring

The FATF's "ongoing monitoring" language operationalized: blockchain analytics, P2P pattern detection, and the KYT vs. KYC distinction that determines when each check fires.

FATF Requirements

What "Ongoing Monitoring" Means Operationally

The big picture: Unlike gates that fire once, monitoring is a concurrent observer that spans multiple STP stages (S4–S7) without blocking settlement.

  • Checkpoint type: Monitor (Circle) — observes without halting, unlike Gates (Hexagon) that block
  • Spans S4–S7 — from negotiation through facilitation, monitoring runs as a parallel process
  • Fires continuously — not a one-time check but an ongoing obligation throughout the relationship
  • Triggers SAR filing — if suspicious patterns detected, obligation shifts from Monitor to Obligation (Diamond) at S8

Blockchain Analytics Vendors

The Monitoring Landscape

Vendor Product Chains Covered Key Capability
Chainalysis KYT (Know Your Transaction) Ethereum, Base, TRON, Solana, 20+ chains Real-time risk scoring, sanctions screening, pattern detection
Elliptic Nexus 100+ blockchains Cross-chain tracing, holistic screening, wallet profiling
TRM Labs TRM Forensics Ethereum, TRON, Solana, 25+ chains Investigation tools, cross-chain graph analysis
Scorechain Scorechain Analytics 20+ blockchains Compliance scoring, risk categorization, reporting

Key Distinction

KYT vs. KYC — When Each Fires

How it works: KYC and KYT are complementary but fire at different points in the compliance pipeline.

  • KYC (Know Your Customer) — fires at S2 (Identity). Gate checkpoint. One-time onboarding verification. Determines who the entity is.
  • KYT (Know Your Transaction) — fires at S4–S7 (Negotiation through Facilitation). Monitor checkpoint. Continuous. Determines what the entity is doing.
  • Together — KYC answers "who?" at the start. KYT answers "what are they doing?" throughout. Both are required by Rec 15.

Threat Landscape

P2P Patterns That Bypass Intermediaries

Why it matters: The FATF specifically flags P2P transactions as the primary gap in stablecoin compliance.

  • Direct wallet-to-wallet — no intermediary VASP, no Travel Rule triggered, no monitoring possible through traditional channels
  • DEX routing — decentralized exchanges create transaction opacity; analytics tools must trace through AMM pools
  • Cross-chain bridges — bridging from regulated chain to unregulated chain breaks the monitoring chain
  • Privacy protocols — Tornado Cash-style mixers and ZK-powered privacy tools fragment transaction trails
  • FATF's answer — Rec 15 governance controls (freeze/burn/deny-list) are meant to be the backstop when monitoring fails