Anti-money-laundering surveillance in a blockchain context is a race between detection speed and analytical depth. A real-time alert that a wallet has interacted with a sanctioned address is only useful if it arrives before the next transaction settles. A structural analysis that reveals a six-month layering pattern is only possible with the accumulated data that batch processing provides. Ludopoly Analytics resolves this tension by operating its AML engine at three distinct temporal resolutions, each optimised for a different class of threat.

The first tier processes rules in under one hundred milliseconds. These are the high-confidence, low-latency checks — blacklist matching against sanctioned wallet registries, threshold-based alerts for unusually large single transfers, and velocity anomaly detections that flag accounts executing an abnormal number of transactions within a short window. Every incoming event passes through this tier before reaching any other part of the system.

The second tier operates within a five-second window. It handles pattern-matching rules that require a small amount of contextual accumulation — structuring detection, where a series of transactions are deliberately kept below reporting thresholds, and layering analysis, where funds are routed through multiple intermediary wallets to obscure their origin. These patterns cannot be identified from a single event; they require a sliding window of recent activity.

The third tier runs on hourly and daily batch cycles. It performs the deep analytical work — long-term behavioural profiling, statistical deviation analysis, and the graph-based relationship queries that map multi-hop laundering networks. These computations are too resource-intensive for real-time execution but produce the highest-fidelity risk assessments in the system.

Traditional AML systems assign risk based on a single axis — typically the transaction amount. This produces unacceptably high false-positive rates because large transfers are not inherently suspicious, and small transfers that form part of a structuring pattern may be far more dangerous than any single large transaction.

Ludopoly Analytics computes risk through five independent dimensions. The transaction dimension evaluates amount, frequency, and timing characteristics. The counterparty dimension assesses the reputation and history of interacting addresses, including their proximity to known illicit entities. The behavioural dimension tracks deviations from a user's established transaction patterns. The geographic dimension incorporates jurisdiction-specific risk factors tied to IP metadata and chain-of-origin data. The profile dimension considers the user's overall account age, activity volume, and identity verification status — establishing a baseline against which anomalies are measured.

Each dimension produces a normalised score between zero and one thousand. These scores are combined through weighted aggregation — with weights that can be adjusted per jurisdiction and per project — into a composite risk score. The five-dimensional approach dramatically reduces false positives because a high score requires convergent evidence across multiple independent indicators rather than a single threshold breach.

The AML/CFT engine is designed to satisfy the compliance requirements of multiple regulatory frameworks simultaneously. FATF's updated Virtual Asset recommendation requires Virtual Asset Service Providers to implement transaction monitoring, suspicious activity reporting, and travel rule compliance. The European Union's MiCA regulation imposes detailed record-keeping, risk assessment, and reporting obligations on Crypto-Asset Service Providers. Turkey's MASAK mandates suspicious transaction reporting for domestic crypto platforms.

The engine's rule library maps directly to these requirements. Suspicious Activity Report (SAR) drafts are generated automatically from flagged transactions, including narrative summaries produced by the AI risk engine. Compliance teams can review, edit, and submit these drafts through the dashboard or export them in regulatory-standard formats. The modular compliance framework allows new jurisdictional rule sets to be added without modifying the core engine — a critical capability in a regulatory landscape that changes faster than most software development cycles can accommodate.