When determining highest-risk customers under a risk-based approach, firms must consider

transaction patterns, jurisdictions, counterparties, and destinations:

B: Large deposits by a student, rapidly converting to crypto and sending to another VASP, suggest

potential layering and third-party funding risk.

D: Daily inbound transfers from a foreign VASP to a private (unhosted) wallet indicate consistent

high-risk exposure — especially cross-border transactions involving unregulated or weakly regulated

jurisdictions.

While VPN use (A) can be a red flag, on its own it is lower risk than significant suspicious fund flows.

Paying suppliers in crypto (C) can be legitimate for businesses. A large donation to a charity (E) could

be flagged depending on jurisdiction and cause, but is generally less inherently suspicious than B and

D unless linked to high-risk entities.

FATF, DFSA, and FSRA AML rules stress that ongoing monitoring should identify these high-frequency,

high-value, cross-border crypto flows as priority for Enhanced Due Diligence (EDD) and possible

Suspicious Transaction Reports (STRs).