On February 5, 2026, Global Ledger joined AML Certification Centre for a joint webinar, “From Exposure to Action: Risk-Based Use of Blockchain Analytics in AML.”
Representing Global Ledger, Yulia Murat, Head of Regulatory Affairs, shared practical insights on how compliance teams can interpret on-chain exposure, set clear and realistic exposure thresholds, and translate analytics insights into concrete AML actions.
The session combined regulatory perspective with hands-on operational experience, alongside insights from Andrei Sribny, CASS, CAPS, Chief Executive Officer at AML Certification Centre, and Azrie Affendie, Financial Crime Program Manager at Blockchain.com.
The discussion focused on how exposure data should be assessed in practice, especially in cases involving sanctions, mixers, and darknet-related activity.
A core clarification from the session was that exposure is not a feeling and not a conclusion. It is a measurable “connection” between a customer and a flagged counterparty or risk cluster.
When compliance teams see an exposure figure in a blockchain analytics tool, the right response is not “is it above the threshold?” The right response is to understand what sits behind that number: the path, the amount involved, and the time window.
Practically, exposure always answers three questions:
A single touchpoint from years ago, many hops away, carries a very different meaning from repeated, recent exposure combined with rapid inflow and outflow of funds. The recommended workflow was clear: do not start with “is it above X percent?” Start with “what is the path, how recent is it, and is there a pattern?” Without this context, the number alone is difficult to interpret and even harder to defend during audit or regulatory review.
One of the strongest operational messages was the distinction between direct and indirect exposure:
According to the 2025 Laundering Race Report, among 255 crypto hack cases, $2.01B was routed through bridges. That represents nearly 50% of total losses and over three times more than funds routed via mixers and privacy protocols, reflecting the structural role of cross-chain infrastructure.
When indirect exposure appears, it is advisable not to jump to conclusions. Confirm the path length, the type of intermediary, and the time window. Indirect exposure usually requires contextual blockchain investigation, pattern analysis, and documented rationale rather than automatic escalation.
Sanctions are not just another risk label — they may create immediate legal obligations.
Even low-percentage exposure may be operationally critical depending on jurisdiction and internal controls. A direct transaction with a designated entity typically requires urgent escalation, verification, and application of the sanctions framework.
Indirect exposure to sanctioned entities is more complex. A customer may be linked via a large intermediary that also services designated addresses. That does not automatically mean the customer is dealing with a sanctioned party, but it does require structured triage.
For sanctions-related cases, decisions tend to be rule-driven and time-sensitive. Analytics identifies the path while escalation logic and documentation must be clearly defined internally.
Another key insight was that a threshold is not a final decision rule. It is a controlled trigger within a broader AML framework.
When a threshold is hit, it means: open a case and look closer. It does not mean: file a report or classify the customer as high risk immediately.
Before making a decision, compliance teams must assess exposure results within the full customer context. This includes:
The goal is consistency. Decisions must be explainable, repeatable, and defensible to regulators and auditors. Thresholds should support triage and prioritization, while judgment, investigation, and documentation complete the process.
Real-life examples from the webinar highlight a critical point: exposure data must be interpreted within the full customer context before determining escalation. Here are three examples of how this principle applies in practice:
A defensible AML framework in crypto is not built on numbers alone. It is built on сlear definitions, structured investigation logic, contextual decision-making, and consistent documentation. These are not only internal best practices but are also the very elements regulators look for when assessing whether a compliance framework is aligned with their expectations.
From an operational perspective, regulators and auditors focus on:
Get the VASP Regulatory Compliance Checklist 2026 to stay aligned with evolving crypto regulations, including MiCA, 1099-DA, and the Travel Rule.
As the digital asset ecosystem evolves, transaction flows are becoming more complex and layered. Funds may move quickly across multiple intermediaries and chains, making risk exposure less immediately visible.
For compliance teams, this increases the need for consistent, real-time monitoring and structured risk-based analysis. Global Ledger enables early detection of exposure before it becomes a blind spot with KYB and KYT solutions — combining entity exposure and risk reports, real-time transaction monitoring with AI-powered alerts, and fund flow visualization.