StableKYT · Know Your Transaction

Ongoing Transaction Monitoring for Stablecoin Compliance

Where StableKYC gates identity at S2, StableKYT monitors at S4–S7. Chainalysis, Elliptic, and TRM at L4 Middleware. On-chain sanctions oracles at L3 Execution. GENIUS Act §104(d) monitoring obligations mapped to real infrastructure. The compliance layer that never sleeps.

See live demos → How monitoring works →

Visual Architecture

KYT Monitoring Depth Across Chains

Where transaction monitoring mechanisms embed in the five-layer Stablecoin Stack. Base leads at L3 with the Chainalysis on-chain sanctions oracle. TRON shows the gap.

USDC (Base)USDC (Ethereum)USDT (TRON)L5APPLICATIONISO L4Coinbase Commerce KYTSmart Wallet AlertsWallet Risk AlertsExchange MonitoringL4MIDDLEWARE / APIISO L3Chainalysis KYT APIElliptic LensChainalysis ReactorTRM Labs(Gap)L3EXECUTIONISO L2↑OFAC Oracle (on-chain)Transfer Hook AnalyticsERC-20 Event LogsL2CONSENSUSISO L2↓Sequencer VisibilityL1NETWORKISO L1LEGENDMonitor (transaction screening)Obligation (SAR filing)Gate (code-enforced only)Code-enforcedPolicy-enforced

The Monitoring Landscape

KYT Is Not Just "Transaction Screening"

Why it matters: GENIUS Act §104(d) creates ongoing transaction monitoring obligations that go far beyond one-time sanctions checks. PPSIs must continuously analyze behavioral patterns, track cross-chain flows, and update customer risk profiles in real-time.

  • Beyond sanctions — §104(d) requires behavioral pattern detection, not just OFAC screening. Structuring, layering, and round-tripping must be flagged automatically
  • Cross-chain blind spot — A USDC transfer bridged via CCTP from Ethereum to Base creates two separate on-chain events. Most KYT tools treat them independently
  • SAR obligation — §104(e) mandates SAR filing for transactions >$5K with suspicious indicators. The monitoring system must generate filing-ready data
  • Depth gap — Chainalysis/Elliptic/TRM sit at L4 (policy-enforced). The Chainalysis sanctions oracle at L3 is the only code-enforced KYT mechanism on general-purpose chains
KYT vs. KYC: Different Stages
Dimension KYC (S2) KYT (S4–S7)
Timing Pre-transfer During & post-transfer
Checkpoint Gate (blocks) Monitor (observes)
Subject Customer identity Transaction behavior
GENIUS Act §104(a)–(c), §104(h) §104(d)–(e)
Frequency Once (at onboarding) Continuous

Analytics Infrastructure

Three Platforms, One Monitoring Stack

Chainalysis, Elliptic, and TRM Labs provide the middleware-layer KYT infrastructure that PPSIs depend on. Each covers different analytical dimensions — none covers everything alone.

Chainalysis KYT + Reactor

How it works: Real-time transaction risk scoring via the KYT API, plus full graph analysis via Reactor for investigations.

  • KYT API — assigns risk categories (severe, high, medium, low) to every registered transfer
  • Reactor — traces fund flows across hops, mixers, and services for SAR-quality investigations
  • Sanctions Oracle — on-chain contract at L3 for code-enforced OFAC screening
Chainalysis S4–S7 Monitor L3–L4
Elliptic Lens + Navigator

How it works: Wallet screening and cross-chain transaction tracing with a focus on exposure analysis.

  • Lens — screens wallets for sanctions exposure, darknet market links, and mixer usage
  • Navigator — traces cross-chain fund flows across 100+ blockchains simultaneously
  • Enterprise API — integrates into compliance workflows for automated screening
Elliptic S4–S7 Monitor L4
TRM Labs

How it works: Cross-chain intelligence platform with entity attribution and multi-protocol analytics.

  • Transaction Monitoring — maps entity relationships across EVM, Solana, TRON, and Bitcoin
  • Forensics — investigative tools for tracing complex multi-chain fund flows
  • Risk API — programmatic risk scoring for automated compliance decisions
TRM Labs S4–S7 Monitor L4

GENIUS Act §104(d) & §104(e)

The KYT Obligations Every PPSI Must Meet

What to know: §104(d) creates ongoing transaction monitoring requirements and §104(e) mandates SAR filing for suspicious activity above $5K. Together, they define the KYT compliance surface that StableKYT maps.

Section Requirement KYT Function Severity
§104(d)(1) Real-time transaction monitoring for all customer transfers Chainalysis KYT API, Elliptic Lens, TRM Risk API Critical
§104(d)(2) Update customer risk profile when transaction triggers risk threshold Risk-trigger callback → KYC re-verification High
§104(d)(3) Behavioral pattern detection (structuring, layering, smurfing) Reactor graph analysis, heuristic rule engines Critical
§104(d)(4) Cross-chain transfer tracking across bridge and protocol hops Elliptic Navigator, TRM cross-chain module High
§104(e)(1) SAR identification: transactions >$5K with suspicious indicators Threshold monitoring + indicator flagging Critical
§104(e)(2) File SARs with FinCEN within required timeframe SAR generation + FinCEN BSA e-filing Critical
§104(e)(3) Retain SAR records for 5 years from filing date Compliance data retention infrastructure High
§104(e)(4) Notify law enforcement for transactions involving known threats Automated escalation + LEA notification workflow High

Live Proof-of-Concept Demos

Working Infrastructure, Not Slide Decks

Each demo calls real APIs or on-chain data. Full Cloudflare Worker source included — copy, deploy, and extend.

POC 01
Chainalysis OFAC Sanctions Oracle (On-Chain)

Query the Chainalysis sanctions oracle smart contract on Ethereum mainnet. Checks whether an address is on the OFAC SDN list via a code-enforced on-chain call — the L3 KYT mechanism that PPSIs need for real-time sanctions screening.

Chainalysis S4 Monitor · L3 Live on Ethereum
Chainalysis
POC 02
Transaction Pattern Analyzer

Client-side heuristic engine that detects suspicious transaction patterns — structuring, round-tripping, rapid movement, and smurfing. Maps each detected pattern to the specific §104 monitoring obligation it satisfies.

Cloudflare S4–S7 Monitor · L4 Interactive
Cloudflare
POC 03
GENIUS Act §104(d)/(e) Compliance Mapper

Interactive matrix mapping every §104(d) monitoring obligation and §104(e) SAR filing requirement to specific vendor capabilities. See which vendors cover which requirements — and where the critical gaps are.

Cloudflare S4–S7 Obligation · L5 Interactive
Interactive GENIUS Act compliance matrix. Each cell shows vendor coverage for specific §104 requirements.
Requirementchainalysiselliptictrm-labson-chain
§104(d)(1)
Real-time transaction monitoring
§104(d)(2)
Risk-trigger customer info updates
§104(d)(3)
Behavioral pattern detection
§104(d)(4)
Cross-chain transfer tracking
§104(e)(1)
SAR identification (>$5K + suspicious indicators)
§104(e)(2)
SAR filing automation
§104(e)(3)
SAR record retention (5 years)
§104(e)(4)
Law enforcement notification
Legend
Fully Covered
Partial Coverage
Gap
Cloudflare

The Identity Triad

KYC · KYA · KYT

Three sites, three compliance functions, one Identity domain (T6). KYC gates humans at S2. KYA gates agents at S2. KYT monitors transactions at S4–S7.

KYC
StableKYC
Human customers. PPSI CIP — identity verification, sanctions screening, secondary market identification. Gate at S2.
KYA
StableKYA
AI agents. Agent identity, delegation chains, capability tokens, credential verification. Gate at S2 for machine actors.
KYT
StableKYT
Transactions. Ongoing monitoring, behavioral risk scoring, Chainalysis/Elliptic/TRM integration. Monitor at S4–S7.

Platform Ecosystem

Built on Production Infrastructure

Chainalysis
KYT API, Reactor, Sanctions Oracle (on-chain), OFAC screening
Elliptic
Lens wallet screening, Navigator cross-chain tracing, Enterprise API
TRM Labs
Transaction Monitoring, Forensics, Risk API, Multi-chain analytics
Coinbase
Commerce KYT, Smart Wallet, AgentKit OFAC screening, Base L2
Cloudflare
Workers, Durable Objects, Pages, AI Gateway, x402 middleware