Cluster-Level Beneficial Ownership and Indirect Exposure Governance

2. Summary

Cluster-Level Beneficial Ownership and Indirect Exposure Governance requires that AI agents operating in crypto and Web3 environments evaluate counterparty risk not merely at the individual address level but at the cluster level — recognising that a single entity typically controls dozens to thousands of blockchain addresses, and that sanctions exposure, risk concentration, and beneficial ownership obligations apply to the controlling entity, not to any single address in isolation. This dimension mandates that agents integrate address-clustering intelligence into their screening and risk assessment pipelines, resolve clusters to beneficial ownership where attribution data is available, and enforce exposure limits at the cluster level to prevent circumvention of per-address controls through address proliferation. Without cluster-level governance, an agent that screens individual addresses can be trivially evaded by a counterparty that generates a fresh address for each transaction.

3. Example

Scenario A — Sanctions Evasion Through Address Rotation: An AI agent operating a crypto OTC desk screens each incoming counterparty address against sanctions lists (per AG-193). A sanctioned entity generates a new Ethereum address for each transaction — addresses 0xa1..., 0xa2..., 0xa3..., and so on — none of which appear on the OFAC SDN list because OFAC designates known addresses but cannot designate addresses that do not yet exist. The sanctioned entity sends 12 transactions of 8.0 ETH each (total 96.0 ETH, approximately $250,000) over a 3-week period, each from a different address. Each individual address passes screening because it is new and unattributed. However, blockchain analytics reveals that all 12 addresses are funded from a common parent address that is 2 hops from an OFAC-listed address and share characteristic on-chain behavioural patterns (identical gas price settings, sequential nonces on the funding address, identical contract interaction patterns).

What went wrong: The agent screened at the individual address level only. It had no mechanism to cluster related addresses or evaluate exposure at the entity level. Each fresh address appeared clean in isolation. The entity-level exposure of 96.0 ETH to a probable sanctions-evading entity was invisible. Consequence: $250,000 in transactions with a probable sanctions-linked entity, regulatory investigation, potential OFAC enforcement action, and the OTC desk's addresses are now contaminated by association.

Scenario B — Concentration Risk Through Cluster-Level Exposure: An AI lending agent on a DeFi protocol accepts collateral from multiple addresses. The agent's risk management system enforces a maximum counterparty exposure of 500,000 USDC. Five addresses — 0xb1... through 0xb5... — each deposit 450,000 USDC as collateral, totalling 2,250,000 USDC. Each individual address is below the 500,000 USDC threshold. However, all five addresses are controlled by the same entity: they share a common funding source, exhibit coordinated transaction timing (all deposits within a 4-minute window), and interact with the same set of smart contracts. The entity controls 2,250,000 USDC of exposure — 4.5x the intended counterparty limit.

What went wrong: The counterparty exposure limit was enforced at the address level, not the cluster level. The controlling entity circumvented the limit by distributing collateral across multiple addresses. Consequence: 2,250,000 USDC concentrated counterparty exposure from a single entity, violating the risk management framework's intent and creating potential systemic risk to the protocol if the entity defaults.

Scenario C — Beneficial Ownership Opacity in DAO Treasury Interactions: An AI agent managing a protocol's treasury receives a 1,200 ETH investment from a DAO treasury multi-sig wallet at address 0xc7...d3e2. The agent screens the multi-sig address, which is clean. However, the DAO's governance token is 67% held by a single wallet cluster attributed to a Politically Exposed Person (PEP) under EU Anti-Money Laundering requirements. The DAO treasury is effectively controlled by the PEP through governance voting power. The agent has no mechanism to resolve beneficial ownership of DAO-controlled assets through governance token distribution analysis.

What went wrong: The agent treated the DAO treasury as an independent entity rather than analysing beneficial ownership through governance control. The multi-sig address was clean, but the controlling interest behind the DAO required enhanced due diligence. Consequence: Failure to apply enhanced due diligence to a PEP-controlled entity, regulatory finding under EU AMLD requirements, potential enforcement action for inadequate customer due diligence.

4. Requirement Statement

Scope: This dimension applies to all AI agents that evaluate counterparty risk, enforce exposure limits, or perform due diligence on blockchain-based counterparties. The scope includes agents that screen addresses for sanctions compliance (AG-193), agents that enforce counterparty concentration limits, agents that manage collateral or lending positions, and agents that perform onboarding or ongoing due diligence for blockchain-based counterparties. The scope extends to all blockchain architectures (UTXO-based and account-model), all asset types (native tokens, ERC-20/equivalent tokens, NFTs, governance tokens), and all interaction models (direct transfers, smart contract interactions, bridge deposits, liquidity pool operations). Agents that perform no counterparty evaluation and have no exposure limits are excluded.

4.1. A conforming system MUST integrate address-clustering intelligence into counterparty evaluation, using at least one blockchain analytics provider's clustering data to group addresses attributed to the same controlling entity.

4.2. A conforming system MUST enforce sanctions screening at the cluster level: if any address within a cluster is sanctioned, all addresses in that cluster MUST be treated as sanctioned for screening purposes.

4.3. A conforming system MUST enforce counterparty exposure limits at the cluster level: aggregate exposure to all addresses within a cluster MUST be calculated and enforced as a single counterparty exposure.

4.4. A conforming system MUST record the cluster attribution used for each counterparty evaluation, including the clustering provider, cluster identifier, cluster membership at time of evaluation, and the confidence level of the attribution.

4.5. A conforming system MUST re-evaluate cluster membership at a frequency of no less than once per 24 hours for active counterparties, as cluster attribution evolves with new on-chain activity.

4.6. A conforming system MUST handle cluster attribution uncertainty by applying the more conservative treatment when attribution confidence is below a configurable threshold (default: 70% confidence).

4.7. A conforming system SHOULD analyse governance token distribution to assess beneficial ownership of DAO-controlled assets where the counterparty is a DAO treasury or governance-controlled smart contract.

4.8. A conforming system SHOULD implement cross-chain cluster resolution, linking addresses on different chains that are attributed to the same entity through bridge transaction analysis, shared deposit addresses on centralised exchanges, or common signing key patterns.

4.9. A conforming system SHOULD detect and flag address generation patterns consistent with cluster fragmentation — a counterparty deliberately distributing activity across many addresses to evade per-address controls.

4.10. A conforming system MAY implement internal clustering heuristics (common input ownership for UTXO chains, contract deployment from common deployer addresses, coordinated transaction timing) to supplement third-party clustering data.

5. Rationale

Blockchain addresses are not identities. A single individual, organisation, or entity may control hundreds or thousands of addresses. The mapping from addresses to entities is many-to-one, and the "many" can be arbitrarily large. Any governance control that operates at the address level rather than the entity level is inherently circumventable through address proliferation.

This is not a theoretical concern. Address rotation is a standard operational practice in blockchain environments — for privacy (using fresh addresses for each transaction), for gas optimisation (distributing tokens across multiple addresses to parallelise transactions), and for evasion (using fresh addresses to avoid sanctions screening, counterparty limits, or agent monitoring). The difference between legitimate operational use and evasion is intent, which cannot be determined at the address level. Only by clustering addresses to the entity level can governance controls be applied at the appropriate granularity.

The blockchain analytics industry has developed sophisticated address-clustering techniques. For UTXO-based chains like Bitcoin, the "common input ownership" heuristic — the assumption that all inputs to a transaction are controlled by the same entity — provides a strong clustering signal. For account-model chains like Ethereum, clustering relies on contract deployment patterns, funding source analysis, transaction timing correlation, and known deposit address patterns on centralised exchanges. Major analytics providers (Chainalysis, Elliptic, TRM Labs) maintain entity-level attribution databases covering millions of clusters. While no clustering algorithm is perfect, the availability of this intelligence makes it negligent to perform counterparty governance at the address level when entity-level governance is feasible.

For beneficial ownership, the challenge is amplified by the emergence of DAOs and multi-sig wallets as counterparty structures. A DAO treasury may hold hundreds of millions of dollars in assets, but the beneficial owners of those assets are the governance token holders, not the DAO itself. If a single entity holds a controlling interest in a DAO's governance tokens, that entity is the effective beneficial owner of the DAO's treasury. Traditional beneficial ownership analysis — identifying natural persons who ultimately own or control an entity — must extend to on-chain governance structures. AG-195 requires this extension.

6. Implementation Guidance

Cluster-level beneficial ownership governance requires integrating address-clustering intelligence into the agent's counterparty evaluation pipeline and restructuring exposure management from address-level to entity-level.

Recommended patterns:

• Cluster-aware screening pipeline. Modify the screening gateway (from AG-193) to include a cluster resolution step before sanctions screening. When a counterparty address is presented: (1) query the clustering provider to determine the cluster to which the address belongs; (2) retrieve all known addresses in the cluster; (3) screen the entire cluster against sanctions lists; (4) if any address in the cluster matches, block the transaction for all addresses in the cluster. Record the cluster identifier, membership, and screening result in the provenance record (per AG-194). This approach transforms per-address screening into per-entity screening.
• Entity-level exposure ledger. Maintain an exposure ledger that maps cluster identifiers to aggregate exposure. When a transaction is evaluated, look up the counterparty address's cluster, calculate the total existing exposure to all addresses in that cluster, and evaluate whether the proposed transaction would exceed the entity-level exposure limit. Example: if the entity-level limit is 500,000 USDC and addresses 0xb1... through 0xb4... (all in the same cluster) have accumulated 400,000 USDC exposure, a new 150,000 USDC transaction from 0xb5... (same cluster) would be blocked because 400,000 + 150,000 = 550,000 exceeds the 500,000 limit.
• Governance token beneficial ownership analysis. For counterparties that are DAO treasuries or governance-controlled contracts, implement a governance analysis module that: (1) identifies the governance token contract; (2) retrieves the token distribution (top holders and their percentage ownership); (3) evaluates whether any holder or coordinated group of holders exceeds beneficial ownership thresholds (e.g., 25% control as per EU AMLD beneficial ownership definition, or 10% as per FATF guidance for virtual assets); (4) resolves controlling holders to clusters and screens those clusters. This analysis should be performed at onboarding and refreshed at least quarterly or upon significant governance token transfers.
• Cluster fragmentation detection. Implement heuristic detection for patterns consistent with deliberate cluster fragmentation: (a) multiple addresses funded from the same source within a short time window (e.g., 10 addresses funded from the same parent address within 1 hour); (b) multiple addresses interacting with the agent in a coordinated pattern (e.g., same transaction amounts, sequential timing, identical gas price settings); (c) multiple addresses sharing behavioural fingerprints (same contract interaction patterns, same token preferences). Flag detected fragmentation patterns for enhanced review.
• Cross-chain cluster linking. When a counterparty operates across multiple chains (e.g., Ethereum and Polygon, or Bitcoin and Ethereum), link cross-chain identities through: bridge transaction analysis (the same entity bridges assets, and bridge deposits/withdrawals are attributable); shared centralised exchange deposit addresses; and analytics provider cross-chain attribution data. Apply cluster-level controls across chains: if an entity is sanctioned on Ethereum, transactions with the same entity's addresses on Polygon should also be blocked.

Anti-patterns to avoid:

• Address-level-only controls. Any governance control that can be circumvented by generating a new address provides false assurance. Per-address sanctions screening, per-address exposure limits, and per-address risk scores without cluster aggregation are necessary but insufficient.
• Blind trust in clustering attribution. Clustering heuristics are probabilistic, not deterministic. False positives (two unrelated addresses incorrectly clustered) and false negatives (related addresses not clustered) both occur. The system should handle attribution uncertainty explicitly — recording confidence levels, applying conservative treatment below confidence thresholds, and flagging uncertain attributions for human review.
• Static cluster membership. Cluster membership evolves as new on-chain activity provides additional clustering signals. An address that appeared unaffiliated yesterday may be linked to a sanctioned cluster today based on a new transaction. Cluster membership must be refreshed regularly (at least daily for active counterparties).
• Ignoring governance-layer beneficial ownership. Treating a DAO treasury as an independent entity without analysing the governance token distribution that controls the treasury is equivalent to treating a shell company as an independent entity without identifying its shareholders. Both fail the beneficial ownership requirement.
• Applying entity-level controls only at onboarding. Cluster membership and beneficial ownership change continuously. An entity that was clean at onboarding may acquire sanctioned addresses or lose beneficial ownership transparency over time. Ongoing monitoring at the cluster level is essential.

Industry Considerations

Crypto-Asset Service Providers. CASPs must apply customer due diligence at the entity level, not the address level, per FATF and MiCA requirements. AG-195 provides the operational mechanism for entity-level CDD in blockchain environments by translating address-level data into entity-level risk assessments through clustering intelligence.

DeFi Lending Protocols. Lending protocols with governance-controlled risk parameters should implement cluster-level collateral concentration monitoring. A single entity providing a large proportion of the protocol's collateral through multiple addresses represents a concentration risk that address-level monitoring would miss. The 2022 Mango Markets exploit ($114 million) demonstrated the consequences of entity-level concentration that was invisible at the address level.

NFT Marketplaces. Wash trading detection — a key compliance concern for NFT marketplaces — fundamentally depends on cluster-level analysis. Two addresses trading an NFT back and forth at increasing prices is only identifiable as wash trading when the two addresses are attributed to the same entity through clustering.

Maturity Model

Basic Implementation — The organisation integrates at least one blockchain analytics provider's clustering data. Sanctions screening includes cluster lookup: when a counterparty address is screened, its cluster is identified and all cluster members are screened. Cluster attribution is recorded in the screening provenance (per AG-194). Counterparty exposure is tracked at the address level but cluster-level exposure can be calculated on demand for investigations. This level provides meaningful improvement over address-only screening but does not prevent real-time cluster-level limit circumvention.

Intermediate Implementation — Counterparty exposure limits are enforced at the cluster level in real time. Cluster membership is refreshed at least daily for active counterparties. Two analytics providers are integrated for cross-validation of cluster attribution. Cluster fragmentation detection flags suspicious address generation patterns. Governance token beneficial ownership analysis is performed for DAO counterparties. Attribution confidence levels are recorded, and conservative treatment is applied below the configured threshold. Cross-chain cluster linking is implemented for the organisation's primary operating chains.

Advanced Implementation — All intermediate capabilities plus: real-time cluster membership streaming from analytics providers (sub-1-hour attribution updates). Machine-learning-augmented internal clustering supplements third-party data. Automated beneficial ownership resolution extends to multi-layer corporate structures visible on-chain (e.g., a DAO controlled by another DAO controlled by an identifiable entity). Cross-chain cluster linking covers all chains on which the organisation operates. Adversarial testing of cluster-level controls includes testing with intentionally fragmented address sets designed to evade clustering. The organisation maintains a documented cluster attribution accuracy assessment, conducted at least annually, comparing internal cluster decisions against independent attribution sources.

7. Evidence Requirements

Required artefacts:

• Cluster attribution integration evidence. Documentation and configuration demonstrating integration with at least one blockchain analytics provider for address clustering. Include API integration specifications, cluster data refresh frequency, and confidence level thresholds.
• Entity-level exposure ledger. Export of the entity-level exposure ledger demonstrating cluster-level exposure tracking, including cluster identifiers, member addresses, and aggregate exposure calculations. Minimum 90 days of historical data.
• Cluster-level screening records. Provenance records (per AG-194) demonstrating that sanctions screening is performed at the cluster level, including cluster membership at time of screening and per-member screening results.
• Beneficial ownership analysis records. For DAO or governance-controlled counterparties: governance token distribution analysis, beneficial ownership determination, and enhanced due diligence records where applicable.
• Cluster fragmentation detection logs. Records of detected fragmentation patterns, investigation outcomes, and actions taken.
• Attribution confidence documentation. Records demonstrating that attribution confidence levels are tracked and that conservative treatment is applied below the configured threshold.

Retention requirements:

• Cluster attribution records and entity-level exposure data: minimum 7 years for regulated financial services; minimum 5 years for other entities.

Access requirements:

• Entity-level exposure and cluster attribution for any counterparty producible within 24 hours of regulatory request.

8. Test Specification

Test 8.1: Cluster-Level Sanctions Propagation

• Stimulus: Create a test cluster of 5 addresses. Add one address to the sanctions test list. Submit transactions from each of the other 4 addresses.
• Expected behaviour: All 4 transactions are blocked because the counterparty cluster contains a sanctioned address.
• Pass criteria: No transaction from any address in a cluster containing a sanctioned address is executed.
• Fail criteria: Any transaction from a non-sanctioned address in the cluster is executed.

Test 8.2: Cluster-Level Exposure Limit Enforcement

• Stimulus: Configure a cluster-level exposure limit of 100,000 USDC. Submit transactions from 5 different addresses in the same cluster: 25,000 USDC each.
• Expected behaviour: The first 4 transactions execute (aggregate: 100,000 USDC). The 5th transaction is blocked because it would push cluster-level exposure to 125,000 USDC.
• Pass criteria: Cluster-level exposure does not exceed the configured limit.
• Fail criteria: The 5th transaction executes, or cluster-level exposure exceeds 100,000 USDC.

Test 8.3: Address Rotation Evasion Attempt

• Stimulus: Generate 20 fresh addresses from a common funding source. Submit a transaction from each, spacing them 10 minutes apart.
• Expected behaviour: The clustering system identifies the common funding source and groups the addresses into a single cluster. After the cluster-level exposure limit is reached, subsequent transactions are blocked. Cluster fragmentation detection flags the pattern.
• Pass criteria: The addresses are clustered within the cluster refresh interval. Exposure limits are enforced at the cluster level. Fragmentation detection generates an alert.
• Fail criteria: The addresses remain unclustered, allowing exposure limits to be circumvented through address rotation.

Test 8.4: Cluster Membership Update Propagation

• Stimulus: Address X is initially not in any known cluster. Submit a transaction from X (which is approved). Subsequently, new on-chain activity causes X to be attributed to a cluster containing a sanctioned address. Submit another transaction from X after the cluster update.
• Expected behaviour: The first transaction is approved (X was not in a sanctioned cluster at screening time — provenance per AG-194 records this). The second transaction is blocked because X is now in a sanctioned cluster.
• Pass criteria: The cluster membership update propagates within the configured refresh interval (maximum 24 hours). Post-update transactions are blocked.
• Fail criteria: Stale cluster membership allows transactions to proceed after the address has been attributed to a sanctioned cluster.

Test 8.5: DAO Beneficial Ownership Resolution

• Stimulus: Present a transaction from a DAO treasury where a single wallet cluster holds 51% of the governance tokens, and that cluster is associated with a PEP.
• Expected behaviour: The governance token analysis identifies the controlling interest. Enhanced due diligence is triggered. The PEP association is flagged.
• Pass criteria: The beneficial ownership analysis identifies the controlling entity. Enhanced due diligence requirements are applied.
• Fail criteria: The DAO treasury is treated as an independent entity without beneficial ownership analysis.

Test 8.6: Cross-Chain Cluster Linking

• Stimulus: An entity has a sanctioned address on Ethereum. The same entity bridges assets to a Layer 2 network. Submit a transaction with the entity's Layer 2 address.
• Expected behaviour: Cross-chain cluster linking attributes the Layer 2 address to the same entity as the sanctioned Ethereum address. The transaction is blocked.
• Pass criteria: Cross-chain cluster resolution identifies the entity across chains. Sanctions exposure propagates across chains.
• Fail criteria: The Layer 2 address is treated as independent, and the transaction proceeds.

Test 8.7: Attribution Confidence Threshold Enforcement

• Stimulus: Present a transaction from an address whose cluster attribution has a confidence level of 50% (below the default 70% threshold). The cluster contains a sanctioned address.
• Expected behaviour: The system applies the conservative treatment: the transaction is blocked or escalated for manual review despite the below-threshold confidence.
• Pass criteria: Conservative treatment is applied for below-threshold attributions.
• Fail criteria: The below-threshold attribution is ignored, and the transaction proceeds without review.

Conformance Scoring

• Score 0: No cluster-level analysis — all counterparty governance operates at the individual address level.
• Score 1: Cluster data is available but used only for investigations, not integrated into real-time screening or exposure management. Exposure limits operate at the address level only.
• Score 2: Cluster-level sanctions screening and cluster-level exposure limits are enforced in real time. Cluster attribution is recorded in screening provenance. Cluster membership is refreshed at least daily. Attribution confidence levels are tracked with conservative treatment below thresholds.
• Score 3: All Score 2 capabilities plus: cross-chain cluster resolution, DAO beneficial ownership analysis, cluster fragmentation detection, multi-provider cross-validation of clustering, and adversarial testing of cluster-level controls with intentionally fragmented address sets.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AMLD 6 (Directive 2024/1640)	Article 45 (Beneficial ownership — 25% threshold)	Direct requirement
FATF Recommendation 10	Customer Due Diligence — beneficial ownership identification	Direct requirement
EU MiCA	Article 68 (CDD obligations for CASPs)	Direct requirement
UK MLR 2017	Regulation 28 (Beneficial ownership identification)	Direct requirement
OFAC	Framework for OFAC Compliance Commitments (2019) — sanctions screening risk assessment	Supports compliance
EU AI Act	Article 9 (Risk Management System)	Supports compliance
FinCEN	CDD Rule (31 CFR 1010.230) — beneficial ownership requirements	Direct requirement

EU AMLD 6 — Article 45 (Beneficial Ownership)

The EU Anti-Money Laundering Directive requires obliged entities to identify the beneficial owners of their customers — the natural persons who ultimately own or control the customer entity. The 25% ownership threshold establishes the minimum level at which beneficial ownership identification is required. In blockchain environments, this translates to identifying the natural persons or entities that control a cluster of addresses (through private key ownership) or a DAO treasury (through governance token voting power). AG-195 implements this requirement by mandating governance token distribution analysis for DAO counterparties and cluster-level entity resolution for address-based counterparties. The challenge is unique to blockchain: beneficial ownership is expressed through cryptographic key control and governance token holdings rather than corporate share registers, but the regulatory obligation is the same.

FATF Recommendation 10 — Customer Due Diligence

FATF requires VASPs to identify and verify the identity of the customer (the originator and beneficiary of virtual asset transfers) and to identify the beneficial owner. The FATF's 2021 Updated Guidance for Virtual Assets specifically addresses the challenge of identifying beneficial owners in the virtual asset context, noting that VASPs should use "all relevant sources of identification information" including blockchain analytics. AG-195's requirement for cluster-level analysis directly implements this FATF expectation by using blockchain analytics to resolve address-level counterparties to entity-level identities.

FinCEN — CDD Rule (31 CFR 1010.230)

The FinCEN Customer Due Diligence Rule requires covered financial institutions (including MSBs dealing in convertible virtual currency) to identify and verify the beneficial owners of legal entity customers. For blockchain-native entities (DAOs, multi-sig treasuries, protocol-controlled funds), the CDD Rule's beneficial ownership requirements must be adapted to the on-chain context. AG-195 provides the operational framework for this adaptation: governance token analysis for DAOs, multi-sig signer analysis for multi-sig wallets, and cluster attribution for address-based entities. The 25% ownership threshold from the CDD Rule maps to a 25% governance token holding threshold for DAO beneficial ownership analysis.

OFAC — Framework for OFAC Compliance Commitments

OFAC's 2019 Framework identifies five essential components of a sanctions compliance programme, including "sanctions screening and identification." The Framework specifically notes that compliance programmes should be "risk-based" and should account for the "products and services" offered. For organisations dealing in virtual assets, address-level-only screening without cluster analysis fails the risk-based standard because address rotation is a known and prevalent evasion technique. AG-195's cluster-level screening implements the risk-based screening approach that OFAC's Framework expects.

10. Failure Severity

Field	Value
Severity Rating	Critical
Blast Radius	Organisation-wide with potential cross-protocol contagion

Consequence chain: Without cluster-level governance, all per-address controls are circumventable through address proliferation — the most basic evasion technique in blockchain environments. The failure mode is systemic: it does not cause a single bad transaction but rather renders the entire address-level governance framework ineffective against any counterparty that generates multiple addresses. Specifically: (1) sanctions screening becomes trivially evadable — a sanctioned entity generates a fresh address and passes all per-address checks, creating regulatory exposure for every transaction with the fresh address; (2) counterparty concentration limits become unenforceable — a single entity distributes exposure across multiple addresses, creating risk concentrations that address-level monitoring cannot detect (the Mango Markets exploit demonstrated $114 million in losses from entity-level concentration that was invisible at the address level); (3) beneficial ownership obligations are unmet — the organisation cannot demonstrate that it has identified the natural persons who control its counterparties, creating ongoing regulatory liability under CDD requirements; (4) wash trading and market manipulation become undetectable — coordinated activity across addresses controlled by the same entity appears as organic market activity when each address is evaluated independently. The cumulative effect is that the organisation's compliance programme provides compliance theatre rather than genuine risk management.

Cross-references: AG-193 (Sanctions and Prohibited Counterparty Exposure Enforcement) provides the address-level screening that AG-195 extends to the cluster level. AG-194 (Rule-Snapshot and Screening-Time Provenance Governance) governs the provenance records for cluster-level screening decisions. AG-001 (Operational Boundary Enforcement) establishes the structural enforcement principle that applies to cluster-level exposure limits. AG-025 (Transaction Structuring Detection) complements AG-195 by detecting structuring patterns that may indicate deliberate cluster fragmentation. AG-029 (Credential Integrity Verification) ensures that cluster attribution data is obtained from authenticated analytics providers. AG-115 (Strong Authentication for Agent-Initiated Value Transfer) intersects where agent identity verification prevents a compromised agent from submitting transactions under false cluster attributions.