SIXPENCE
Back to Blog
7 min read

What Is Know Your Transaction (KYT) and How Does It Work?

Know Your Transaction (KYT) is the ongoing monitoring of crypto transactions to assess risk and support AML controls. Here is how it works and how Sixpence supports the workflow.

Research

What Is Know Your Transaction (KYT) and How Does It Work?

Direct answer

Know Your Transaction (KYT) is the ongoing monitoring of cryptocurrency transactions to assess risk, understand where funds come from and go to, and identify activity that may require further review. Where Know Your Customer (KYC) verifies who a customer is at onboarding, KYT looks at the transactions that follow. It is a practical building block that helps regulated firms operate the transaction-monitoring, investigation, and reporting controls associated with their anti-money-laundering (AML) obligations.

Why this matters

For a compliance or risk team, identity verification alone does not show what funds do after an account is opened. A verified customer can still send value to a sanctioned address or receive funds from a high-risk source. KYT gives teams a structured way to evaluate transaction risk continuously, document what they find, and maintain documented records for review, audits, and regulatory reporting.

How it works

KYT extends compliance "beyond identity checks to monitor ongoing transaction behavior." In practice it usually combines five elements:

  1. Real-time monitoring of transaction flows.
  2. Automated risk scoring of transactions and addresses.
  3. Analysis of where funds originated.
  4. Screening of receiving addresses.
  5. Behavioral analytics to identify unusual patterns.

KYT systems evaluate transaction risk using multiple signals. A transfer connected to a sanctioned address, or one matching a pattern the team has chosen to watch, can raise a risk score and generate an alert. Importantly, a risk score or alert is a decision-support signal, not proof of wrongdoing. What happens next depends on the firm's configuration, policy, and human review.

KYC and KYT: how they differ

KYC (Know Your Customer) KYT (Know Your Transaction)
Question it addresses Who is this customer? What risk signals are associated with their transactions?
When it runs At onboarding (point in time) Ongoing, in real time or at configured monitoring intervals
Typical inputs ID documents, sanctions and PEP name screening On-chain flows, counterparties, risk scores
Typical output A decision to approve or decline the customer A risk signal that can be reviewed and documented

KYC and KYT are complementary controls. KYC confirms identity once. KYT provides ongoing context about the transactions that follow.

Practical example or analogy

A useful way to frame it: KYC checks who entered, while KYT evaluates the risk signals associated with the transactions that follow. KYC answers a question at the door. KYT provides context over time, so a team can decide which activity deserves a closer look.

Key steps or considerations

A workable KYT process generally moves through these stages:

  1. Define risk appetite and rules. Decide which signals and thresholds matter for your business and jurisdictions.
  2. Monitor transactions against those rules in real time.
  3. Triage alerts. Separate likely false positives from activity that needs investigation. Both false positives and false negatives are expected, so tuning and data quality matter.
  4. Investigate with context. Trace fund flows, review counterparties, and gather supporting detail.
  5. Document and report. Record findings and, where appropriate, file a suspicious-activity or suspicious-transaction report (SAR or STR).
  6. Keep an audit trail. Maintain records that supervisors and auditors can follow.

The industry consistently notes that effective KYT depends on "sophisticated technology infrastructure, skilled personnel, and integration with existing compliance frameworks."

How Sixpence products support the KYT workflow

Sixpence offers distinct products for different stages of this workflow. They are separate tools with separate jobs, not a single bundle.

  • Monitoring and screening: LedgerBrain. LedgerBrain provides 24/7 real-time transaction monitoring with automated pattern detection and alerts, and screens addresses against OFAC, UN, and EU sanctions lists with a 0 to 100 risk score. Its job is the monitoring and triage stage: turning raw on-chain activity into structured risk signals a team can act on. It can also generate SAR and STR reports and supports Travel Rule information.
  • Investigation and case management: LedgerWatch. LedgerWatch provides a transaction graph with entity clustering and risk tags, plus case files with timelines, notes, and export for SAR and STR workflows. Its job is the investigation and documentation stage: helping analysts see how counterparties connect and where exposure sits across hops, then record findings in a reviewable case history.
  • Programmatic access: x402. For automated or agent-based clients that need a single check without a subscription, Sixpence offers pay-per-report KYT through its x402 API. The pricing, token, and integration details are set out in the x402 API documentation rather than here.

Final decisions still depend on the organisation's policies, evidence, and human review. The tooling structures the process; it does not replace judgement.

Limitations and compliance considerations

  • KYT is probabilistic. Scores indicate likelihood, not certainty, which is why configuration, data quality, and human review matter.
  • Regulatory frameworks differ and are distinct. Be precise about which source applies:
    • FATF Recommendation 16 is an international standard (the "Travel Rule") that recommends sharing originator and beneficiary information; it is not binding law by itself.
    • In the EU, the Transfer of Funds Regulation (Regulation (EU) 2023/1113) applies the travel rule to crypto transfers and, for crypto-asset service providers, has no de minimis threshold. It became applicable on 30 December 2024.
    • MiCA is a separate EU regulation covering CASP licensing and operation, also applicable from 30 December 2024. It is not the travel rule.
  • KYT is not, by name, a legal requirement. AML laws require monitoring, recordkeeping, and reporting controls. KYT tooling helps firms implement those controls; the legal obligation sits with the firm, not the tool.
  • Requirements depend on context. What applies to your business depends on your jurisdiction, your licence, and the activity you carry out. Treat this article as general education and confirm your obligations with a qualified compliance or legal adviser.

Frequently asked questions

Is KYT the same as KYC? No. KYC verifies identity at onboarding. KYT evaluates risk signals associated with transactions on an ongoing basis. Most regulated firms operate both.

Why was my crypto transaction flagged? (for individual users) A transaction can be flagged when a monitoring signal fires, for example exposure to a sanctioned or high-risk address. A flag is not an accusation. Depending on the provider's configuration and policy, the alert can be routed for review, and clear information about the source of funds can help that review.

Is KYT legally required? The term KYT is not itself written into law. AML laws and frameworks require transaction-monitoring and reporting controls, which KYT tooling helps implement. Specific obligations depend on your jurisdiction and licence.

Does a high risk score mean a transaction is illegal? No. A risk score is a decision-support signal that helps a team prioritise review. It is not proof of wrongdoing.

Conclusion

KYT turns one-time identity checks into ongoing, documented awareness of transaction risk. For compliance teams it supports the monitoring, investigation, and reporting stages that sit behind AML obligations. These map to distinct Sixpence products: LedgerBrain for real-time monitoring and screening, and LedgerWatch for investigation and case management. To see how they fit your own process, review the product details at sixpence.io or request a walkthrough with the Sixpence team.

Sources

All PostsBack to Home