AML

AML (Anti-Money Laundering) is the regulatory regime that requires regulated intermediaries to detect, document and report attempts to legitimise criminally derived funds. In crypto, AML obligations attach to exchanges, custodial wallets, OTC desks, fiat gateways — anyone FATF classifies as a VASP (Virtual Asset Service Provider).

In most jurisdictions AML is bundled with CFT (Combating the Financing of Terrorism), giving rise to the common acronym AML/CFT.

What an AML programme contains

• KYC and customer identification. Everything else builds on knowing who the account holder actually is.
• Customer Due Diligence (CDD). Risk profiling — country, occupation, expected transaction volume.
• Transaction monitoring. Automated rules that flag suspicious patterns such as structuring, rapid pass-through flows, or interactions with addresses on sanctions lists.
• SAR / STR (Suspicious Activity / Transaction Reports). When activity looks suspicious, the intermediary must file a report with the national financial-intelligence unit (FinCEN in the US, FIUs across the EU and other jurisdictions) within set deadlines.
• Record retention. Typically 5-7 years after the customer relationship ends.

The global standard: FATF

International AML rules are shaped by FATF (Financial Action Task Force). Its Recommendation 15 extends AML requirements to virtual assets and VASPs. National regulators implement the details, but almost always against FATF’s benchmark — a country that fails to comply lands on grey or black lists and loses correspondent-banking access.

Risks for TON users

The blockchain itself does not distinguish “clean” from “dirty” Toncoin. Counterparties — exchanges and fiat gateways — do.

• Mixers and mixer-like services. A transfer routed through an anonymisation service raises a risk flag at any receiving exchange and can lead to a frozen deposit.
• Sanctioned addresses. If your counterparty is on the SDN or EU sanctions lists, your own address can pick up a tag in risk engines like Chainalysis or Crystal.
• High-risk jurisdictions. Transfers from an exchange registered in a high-risk country can complicate deposits on a regulated venue in the EU or US.

AML tooling for projects

VASPs and the larger DeFi projects rely on commercial AML engines:

• Chainalysis — the best-known vendor; TON support has been available since 2024.
• Crystal Intelligence — a European competitor focused on investigations.
• TRM Labs, Elliptic — the next tier, with proprietary datasets.

These systems build a transaction graph, label addresses by category (exchange, mixer, ransomware, sanctioned) and emit a risk score for each incoming payment. The exchange then decides whether to accept, ask follow-up questions or refuse the deposit.

What this means in practice

• Ordinary non-custodial wallet users have no direct AML obligations.
• When sending funds to an exchange, avoid intermediate steps through services with opaque reputations.
• If a wallet receives an unexpected “airdrop” from an unknown address, it is usually safer to ignore it: this can be address poisoning intended to taint the address’s risk score.

This is general information, not legal advice; specific requirements depend on jurisdiction and change frequently.