On-chain forensic analysis uses blockchain data to detect illicit wallet patterns and cluster associations.

Unhosted wallets allow direct user control without third-party oversight, making them harder to monitor and more vulnerable to misuse.

Suspicious Activity Reports (SARs) are a critical tool for law enforcement agencies. They are primarily used to develop intelligence on potential new criminal targets and to confirm or expand information about existing investigations. SARs do not serve as direct evidence of money laundering in court but provide leads and context that enable law enforcement to build cases.

The DFSA’s thematic reviews and AML guidance clarify that SARs assist in identifying emerging crime patterns and help intelligence units track suspicious transactions over time. They also allow law enforcement to corroborate data from other sources.

SARs help:

Develop intelligence on new targets (C) by revealing previously unknown suspicious behavior.

Confirm or develop information on existing targets (D) by adding transactional data and context.

Identifying regulatory failings (A) is primarily a supervisory function, and SARs themselves are not evidence for prosecution (B) but intelligence inputs.

Therefore, optionsCandDare correct.

Arestricted blockchainis one where participation—either in transaction validation, data access, or both—is limited to selected entities rather than being open to the public.

Consortium blockchain (D)is a common type of restricted blockchain in which multiple pre-approved organizations collectively manage the network. It offers partial decentralization but with controlled membership, making it suitable for regulated environments such as financial services, supply chain tracking, and interbank settlements.

Other options explained:

Hybrid (A):Combines elements of public and private chains, but not necessarily “restricted” in the strict governance sense.

Public (B):Open to anyone to join, read, and write data; not restricted.

Private (C):While private blockchains are also restricted, in AML/CFT guidance, “restricted blockchain” generally refers to consortium arrangements involving multiple vetted participants, rather than a single organization’s closed chain.

Regulatory and technical literature in DIFC/ADGM contexts note thatconsortium blockchainsallow for compliance controls, participant vetting, and transaction monitoring—making them particularly suitable for financial ecosystems where controlled access is essential.

Mixing and tumbling services are used to obscure the origin of funds by blending multiple transactions, resulting in unknown or disguised sources of funds. This is a classic money laundering technique.

Rapid trades (B), IP address obfuscation (C), and transactions to high-risk jurisdictions (D) are separate or related risks but not direct indicators of mixing/tumbling.

Public blockchain data is pseudonymous, meaning wallet addresses alone do not reveal the owner’s identity. To identify the natural person controlling the wallet, the VASP must acquire additional information, typically through customer due diligence (CDD) processes or data obtained from exchanges and counterparties, linking the wallet address to an individual.

Periodic review (A), transaction screening (C), and obtaining transactional data (D) support ongoing monitoring but do not alone establish identity.

AML and FATF guidance emphasize that ownership linkage requires collecting identifying information beyond blockchain data to comply with AML regulations.

Hash rate measures computational power in Proof-of-Work blockchains; higher hash rates mean more secure networks against 51% attacks.