Skip to main content

Performed checks

The KYT engine performs the following checks:

  • Sanctions/Watchlist Check: The engine screens all involved parties (sender and receiver) against global sanctions and watchlists. If a crypto address is present, it assesses associations with sanctioned entities or darknet markets using blockchain intelligence services.
  • PEP/High-Risk Individuals Check: The engine evaluates whether counterparties are Politically Exposed Persons (PEPs) or fall into other high‑risk categories.
  • Amount & Frequency Anomaly: The engine detects unusually large amounts or elevated transaction frequency relative to the user’s baseline profile (for example, a new user suddenly transferring $50,000 out).
  • Geographic Risk: The engine identifies whether the origin or destination involves high‑risk jurisdictions for money laundering or fraud (for example, countries with insufficient AML controls).
  • Transaction Pattern: The engine matches the transaction against known money‑laundering typologies such as structuring (smurfing), rapid in‑and‑out movement of funds (layering), use of mixers or other obfuscation services, or sudden activity after a long period of dormancy.
    info

    Zyphe’s AI models perform additional behavioral checks on transaction patterns. For example, the models flag sequences such as receiving funds from multiple unrelated accounts and quickly forwarding them elsewhere, which may indicate mule activity. These AI-driven checks add specific flags to the transaction for further review.

  • Asset Risk (for crypto): When cryptocurrency is involved, Zyphe checks the wallet risk score of addresses through integrated partners (Crystal Blockchain by default, or others like Chainalysis, Elliptic, TRM if configured). For example, if the user withdraws to an external wallet, the destination may be scanned for exposure to illicit activities (hacked funds, scams, etc.) and assigned a risk rating. If that wallet has been flagged previously, the transaction inherits higher risk.
  • Rule Checks: Any custom rules you configure are executed against the transaction data (for example, specific thresholds, blacklisted countries, or payment types).

This analysis happens in seconds or faster. Zyphe returns a risk assessment for the transaction to your platform (see the Integration section for response details). Most often, this will include a risk score/level and an alert status. Your system can then decide to allow the transaction, hold it, or require manual approval based on this information.