OFAC only applies to financial institutions, and maintains a centralized list yhat is checked on every transaction. If any of the endpoint data matches an individual on that list, money is allowed only to flow in to an account, never to leave. It's essentially a "you are banned from evonomic activity button".

But that's only a small part of the AML/KYC package. The other part is the active surveillance obligations on behalf of law enforcement that a financial has to engage in. I.e., the filing of SAR (suspicious activity reports), and reports whenever large amounts of cash are withdrawn from their custody. These are the AML side of things, that basically turns the financial system into an extension of paw enforcement.

This proposed KYC program from Commerce is applying the same template of obligations to U.S. cloud providers. Maybe it'll only be them for a few years, but much like FATCA ended up expanding OFAC's influence worldwide, so to likely will this be propagated worldwide.

Got it, in other words going beyond just a moment of someone signing up or putting in a credit card to actually continuously evaluating whether or not it looks like a user of the service may be on the list.. tricky indeed