On-Chain Analytics · Regulatory Mapping · Virtual Asset Typologies

Crypto & Financial Crime

Virtual assets create a new surface for financial crime — pseudonymous, borderless, and programmable. This project works on two tracks: a regulatory research thread mapping how FATF, MAS, and the EU are attempting to govern what they can barely see, and a hands-on analytical thread tracing transaction flows through documented case study data to surface the structural features that distinguish illicit clusters.

Python · networkx Elliptic Dataset Etherscan API FATF R.15 MAS PSN02 MiCA · TFR Ongoing ◉

◎ Regulatory Essay Seven sections — FATF R.15, Travel Rule, MAS PSN02, MiCA/TFR comparative mapping

◈ On-Chain Analysis Elliptic graph feature analysis — illicit vs licit structural signatures, betweenness & clustering

◇ Bitfinex Case Study Transaction flow & hop structure from the 2016 hack — real-world layering visualised

Track One — Regulatory Essay

Research

Writing

Complete

Track Two — On-Chain Analysis

Data Setup

Analysis

Published

Why crypto disrupts conventional AML logic

The AML framework built over the past thirty years rests on a set of assumptions that virtual assets systematically break. Financial institutions as obligated entities — responsible for identifying customers, monitoring transactions, and filing suspicious activity reports — depend on the existence of intermediaries with customer relationships. Crypto, at the protocol level, has no such intermediary. Transactions move peer-to-peer, across jurisdictions, at near-instant settlement, without correspondent banking, clearing houses, or any of the chokepoints where AML monitoring conventionally sits.

Pseudonymity compounds the problem. Blockchain addresses are publicly visible — every transaction on a public chain is permanently recorded — but the link between an address and a real-world identity is not inherent to the protocol. The ledger is transparent; attribution is not. This creates an unusual analytical situation: more data is available than in conventional finance, but the analytical work required to make it meaningful is substantially greater.

The regulatory response has been uneven. FATF updated Recommendation 15 to include virtual assets in 2019 and has revised its guidance twice since. By its own 2023 assessment, 75% of jurisdictions remain only partially or non-compliant with its virtual asset standards. The gap between standard-setting and real-world implementation is itself the story.

Track one — regulatory mapping

The research thread maps how three major jurisdictional frameworks are approaching virtual asset AML: FATF's global standard-setting through Recommendation 15 and the Travel Rule, Singapore's domestic implementation through MAS PSN02 and the Payment Services Act licensing regime, and the EU's bet on harmonised regulation through MiCA and the Transfer of Funds Regulation.

The analytical interest is not in describing each framework in isolation but in comparing them: different jurisdictions making different bets about where to place regulatory requirements, what de minimis thresholds to set, how to handle unhosted wallets, and what enforcement capacity they can realistically bring to bear. For Singapore specifically, the Travel Rule's S$1,500 threshold and the practical implementation challenges at smaller Virtual Asset Service Providers are directly relevant to the regional compliance landscape.

The full essay — seven sections from the structural problem through to open questions — is being written in stages and published as sections are ready.

Published

→

Virtual Assets & the AML Regime

Seven-section research essay mapping FATF R.15, the Travel Rule, MAS PSN02, and EU MiCA/TFR. Draft in progress — sections published as completed.

III

Track two — on-chain analysis

The hands-on thread uses the Elliptic academic dataset — a publicly released, labelled Bitcoin transaction graph classifying nodes as illicit or licit based on ground-truth investigations — to examine whether illicit wallet clusters show structurally distinguishable features from licit ones at the network level.

The analytical question is specific: do illicit nodes differ from licit nodes in graph-level features — degree centrality, clustering coefficient, transaction volume distribution, hop distance from known mixer addresses — in ways that are consistent with the operational logic of the typologies they represent? Mixing behaviour, chain-hopping, and rapid value dispersion across multiple addresses all have structural signatures. This analysis asks whether those signatures are visible in the aggregate graph data.

This is descriptive network analysis, not a classification model. The goal is to show what the data makes visible, connect those features to FATF virtual asset typology language, and demonstrate analytical literacy in a domain where most practitioners are still finding their footing. A secondary illustration uses Etherscan API data around the publicly documented Bitfinex 2016 hack — a fully traceable on-chain case study in large-scale layering — to ground the abstract analysis in a concrete, real-world example.

◈

Elliptic Graph Analysis

Illicit vs licit node feature distributions — degree centrality, clustering coefficient, mixer hop distance. In progress.

Data Sources

Elliptic Academic Dataset

Labelled Bitcoin transaction graph with ground-truth illicit/licit node classifications — released for academic research on financial crime detection. Primary dataset for graph feature analysis.

Etherscan API

Public Ethereum transaction data — wallet balances, transfer histories, contract interactions. Used for the Bitfinex case study illustration of on-chain layering patterns.

FATF Virtual Asset Guidance (2021, rev. 2023)

Primary regulatory reference — Recommendation 15, Travel Rule implementation, and typology indicators for mixer usage, chain-hopping, DeFi layering, and P2P network exploitation.

Output & analytical deliverables

Track one delivers a completed seven-section regulatory essay — analytical prose, not a literature review. Each section takes a position and makes an argument, grounded in primary regulatory documents and relevant case material. The comparative framework (FATF vs MAS vs EU) is the intellectual contribution: mapping where the three approaches converge, where they diverge, and what those divergences mean for compliance practitioners operating across jurisdictions.

Track two delivers a Python notebook containing the Elliptic graph analysis — feature computation, distribution visualisation, and annotated interpretation — alongside a focused Bitfinex case study showing transaction flow and hop structure from the 2016 hack addresses. A connecting section ties both tracks together: what on-chain data makes structurally visible, and which FATF typology indicators it maps to.

◇

Bitfinex Case Study

Transaction flow & hop structure from the 2016 hack — large-scale on-chain layering traced through Etherscan data. In progress.

◉

Ongoing — regulatory essay sections published as completed. On-chain analysis notebook will be published when the Elliptic graph analysis is complete.