What is AML?

AML stands for Anti-Money Laundering. It refers to a body of regulations and procedures that financial institutions are required to follow to detect and prevent money laundering, terrorist financing, and other illicit financial activity. AML is the sibling of KYC: KYC verifies who you are, while AML monitors what you do.

AML and crypto

Crypto businesses — including exchanges, payment processors, custodial wallet providers, and on-ramp services — are treated as money services businesses in most jurisdictions and are required to implement AML programs. The core obligations include:

• Customer identification program (CIP) — verifying customer identity at onboarding (the KYC piece).
• Suspicious activity reporting (SAR) — filing reports with the relevant financial intelligence unit (FinCEN in the US, the FCA in the UK, etc.) when transactions appear to involve illicit funds.
• Sanctions screening — checking customers and counterparties against sanctions lists (OFAC in the US, EU sanctions, UN sanctions).
• Record keeping — retaining customer and transaction records for a period of years (typically five).
• Transaction monitoring — automated systems that flag unusual patterns for human review.

The FATF (Financial Action Task Force), an intergovernmental body, sets the global standards that most national regulators follow. Its “Travel Rule” — which requires originator and beneficiary information to travel with crypto transfers above a threshold — has been progressively adopted by national regulators and is now the source of most major crypto businesses’ compliance overhead.

What AML means for users

For most users, the practical impact of AML is invisible: it shows up as the verification process during onboarding, occasional holds or reviews on withdrawals, and limits on what you can do before completing higher verification tiers. A small minority of users encounter AML directly when:

• Their account is flagged for activity that looks like money laundering (rapid cycling between accounts, unusual structuring patterns, counterparties in sanctioned jurisdictions).
• A regulator requests information about a specific transaction.
• A bank or processor severs a relationship with a crypto business, which can disrupt service.

The reason exchanges ask you to declare the source of your funds for large deposits is AML. The reason some exchanges restrict withdrawals for the first 24-72 hours after a fiat deposit is AML. The reason exchanges file paperwork when you withdraw more than a certain threshold is AML.

Travel Rule

The most consequential AML provision affecting crypto users today is the Travel Rule. Adopted in stages since 2019, it requires virtual asset service providers (VASPs) — including exchanges, payment processors, and custodians — to share originator and beneficiary information when transferring value above a threshold (typically $1,000, but varies by jurisdiction).

In practice, this means that when you withdraw crypto from one exchange to another, the sending exchange is now required to share your name, account number, and address with the receiving exchange. The receiving exchange then has to verify the information matches the beneficiary’s account. This is one of the reasons direct exchange-to-exchange transfers sometimes trigger verification or holds that crypto-to-crypto transfers between personal wallets do not.