Canonical Statement

Crypto-related transaction monitoring and ongoing due diligence MUST be continuous, risk-based, and proportionate to the customer, portfolio, and activity profile rather than event-only or onboarding-limited.

Definition

Within this framework, ongoing due diligence for crypto activity means periodic and trigger-based reassessment of exposure, behavioural patterns, counterparties, and service usage across on-chain and relevant off-chain contexts, with documented monitoring logic and human-reviewed outcomes.

Why It Matters

Crypto exposure evolves quickly. Event-limited controls miss behavioural shifts and emerging patterns, while continuous monitoring supports timely escalation and defensible decisions.

Failure Mode if Ignored

Monitoring becomes episodic and non-reproducible, alerts cannot be tied to defined scenarios, and ODD actions are inconsistently documented, creating audit and supervisory weaknesses.

Scope & Non-Claims

This entry is scoped to regulated banking environments in the EU/UK and operational interpretation for crypto transaction monitoring and ongoing due diligence.

This entry does not provide legal advice, does not replace legal determination, and requires human validation for final compliance outcomes.

Related Concepts

• Regulatory scope of crypto compliance (EU) (regulatory-context)
• Wallets and portfolio-level assessment (EU) (model)
• Source of funds vs source of wealth (crypto) (EU) (definition)

Sources

• AMLR — Regulation (EU) 2024/1624
• MiCA — Regulation (EU) 2023/1114
• FATF Recommendations — Recommendation 10 and Interpretive Note