What Is AML (Anti-Money Laundering)

What Is AML and What Does It Cover in Practice

The meaning of AML (Anti-Money Laundering) becomes clear when looking at how financial institutions manage risk across the full lifecycle of a payment.

AML is not a single control but a framework of processes designed to detect, prevent, and report illicit financial activity. It applies both before and after a transaction takes place, combining identity verification with ongoing monitoring.

In practice, AML covers several core components:

• Customer due diligence: verifying counterparties, including ownership structures and source of funds, before transactions occur
• Transaction monitoring: analysing payment activity over time to identify unusual patterns or anomalies
• Sanctions screening: checking counterparties against government and international watchlists in real time
• Suspicious Activity Reporting (SARs): submitting reports to regulators when transactions meet defined risk thresholds
• Record-keeping: maintaining transaction and customer data for regulatory review over a defined period

The meaning of AML extends beyond onboarding. KYC (Know Your Customer) forms the entry point, but AML is the continuous process that monitors activity, enforces compliance, and ensures that payment infrastructure operates within regulatory boundaries over time.

What This Looks Like in a Real Payment Flow

A procurement team is settling a $180,000 invoice with a new supplier via stablecoin transfer. Here's what AML looks like behind that single payment:

The supplier was screened during onboarding, entity verified, directors checked, and the source of funds documented. That covered the KYC gate. But at the moment the payment is initiated, the platform runs another check: the receiving wallet and entity are screened against OFAC's SDN list, the EU sanctions register, and the UN Security Council list. The transaction amount and destination are evaluated against the account's prior behaviour.

If the supplier's entity name returns a partial match on a watchlist, the payment doesn't auto-cancel; it gets held. A compliance officer reviews the match, determines whether it's a false positive or a genuine hit, and either clears the payment or blocks it and files a SAR with the relevant regulator. The whole automated layer runs in seconds. The human review layer only activates when the automated layer finds something.

Why Stablecoin Payments Raise the Stakes

Traditional wire transfers pass through correspondent banks, each of which applies its own screening layer. Stablecoin payments don't work that way; once a transaction is confirmed on-chain, it is final. There is no recall, no intermediary to intercept it after the fact.

That makes pre-transaction AML controls the only real line of defence. If funds reach a sanctioned counterparty and settlement is final, the sending company carries regulatory exposure regardless of intent. For corporate treasury teams, this isn't a theoretical risk; it's the kind of compliance failure that triggers enforcement actions and personal liability for senior officers.

The platform a company uses for stablecoin payments either has AML embedded correctly in the payment flow, or it doesn't. There isn't a middle ground that satisfies regulators.

How Merge Handles It

AML screening in Merge runs inside the transfer flow, not alongside it; counterparty checks and transaction monitoring are part of Merge Transfer before any payment instruction executes. When a transaction is flagged, Merge Hold pauses it without cancellation, keeping the full audit trail intact while compliance teams review the case.