Financial scams and crimes are rampant. Anti-money laundering and other countermeasures are continually being ramped up, all the more so in response to criminal exploitation of cryptocurrency platforms.
Security, transparency and customer-protection provisions were necessary to rally bipartisan support for the GENIUS Act, the landmark U.S. stablecoin statute that President Donald Trump signed into law in July, and to move ahead with still-pending digital-asset legislation.
Proponents hailed the GENIUS Act as a long-awaited infusion of regulatory clarity. It was a shot in the arm to top stablecoin issuers Tether and Circle, as well as smaller rivals, and sparked numerous product initiatives and alliances among banks, payments organizations and technology providers.
Meanwhile, debate continues over the magnitude of crypto crime relative to the global money-laundering toll of as much $2 trillion annually, as estimated by the UN Office of Drugs and Crime.
It is a common refrain in the crypto community that problems remain far more severe in the cash economy and traditional finance. TRM Labs’ February 2025 Crypto Crime Report placed total transaction volume in 2024 at more than $10.6 trillion, 56% higher than in 2023. But the illicit portion, at least by preliminary estimate, was $45 billion. That was 24% less than in the prior year and equaled 0.4% of the total volume. The comparable 2023 ratio was 0.9%.
Chad Cummings: “Novel vectors for money laundering.”
Regardless, the new rules extend AML requirements that have evolved over the 55-year life of the Bank Secrecy Act, yet they are not compliance as usual.
“While this legislation may encourage innovation and increase consumer confidence through the involvement of established institutions, it also introduces new layers of systemic and compliance risk,” says Chad D. Cummings of Cummings & Cummings Law. “From an AML perspective, the risk profile of such institutional stablecoins may be lower than that of decentralized alternatives,” he explains, but “the scalability and programmability of these tokens, particularly if deployed on public blockchains, create novel vectors for money laundering if not paired with robust off-chain controls.”
“Crypto giants moved billions linked to money launderers, drug traffickers and North Korean hackers,” blared the title of a chapter of The Coin Laundry, an international investigative journalism project, published November 17, which “found major crypto trading platforms [to be] awash with dirty money.”
“In theory, regulators around the world are supposed to be looking over exchanges’ shoulders to make sure the company is complying with the law,” said the report. “But in practice, a patchwork of laws and fragmented enforcement efforts can mean less government oversight for an industry where the largest players facilitated tens of trillions in crypto trading last year.”
The U.S. falls within “a global patchwork of policies that range from total bans to full legal embraces.” Citing the Atlantic Council, the International Consortium of Investigative Journalists said cryptocurrency is mostly legal in 45 nations, partially banned in 20 and generally banned in 10.
This view of an Atlantic Council interactive map marks countries where cryptocurrency is generally banned.
One of the international legal experts quoted, Claudia M. Hernández, said, “Beyond preventing money laundering and financing of terrorism, we also need to put in place effective digital assets regulations worldwide to protect the people, the users of this technology.”
Hernández, an attorney based in El Salvador, added, “We need laws that foster international cooperation and clarity. You can’t prosecute crimes that you don’t contemplate in your laws.”
Underlining the AML, know your customer (KYC) and transaction monitoring requirements in place to police illicit finance, the Washington, D.C.-based Bank Policy Institute on November 3 stated: “To further combat the use of the digital asset ecosystem to facilitate crime, policymakers should ensure that digital asset intermediaries engaged in substantially similar activities as banks are subject to equivalent AML standards.” Those regulatory gaps must be closed to prevent money-laundering and terrorist-financing proceeds from moving through the U.S. digital asset ecosystem “and eventually into the more regulated ‘traditional’ financial system.”
"If these tokens are widely used for settlement or collateral purposes,” attorney Cummings intones, “a technical or cyber incident affecting a major issuer could propagate rapidly through financial markets, posing risks akin to those identified in the 2008 financial crisis."
Cummings pointed to “jurisdictional ambiguity” resulting from stablecoins operating across decentralized platforms and peer-to-peer ecosystems that do not enforce KYC or transaction monitoring protocols. That “complicates compliance efforts, particularly when tokens are swapped across multiple blockchains via bridges, some of which lack clear oversight or compliance infrastructure.”
Tracy Moore: “Shifting global expectations.”
Amid an evolving and uncertain international landscape, “institutions must now work to harmonize global standards within their compliance infrastructure,” Tracy Moore, director of thought leadership and regulatory affairs at Fenergo, wrote in a TabbFORUM article. “This means reassessing AML processes, transaction monitoring capabilities, and audit readiness to keep pace with shifting global expectations.”
Moore advised “enabling proactive compliance,” though cautioning that “it’s not necessarily a straightforward process.” Traditional institutions “may have an upper hand in having a framework for AML, KYC and transaction monitoring, [but] entering the crypto market may still require a revamp to ensure their processes are modernized, scalable, secure, and can properly handle the regulatory requirements these new assets bring forward.”
Proactive and real-time compliance automation powers blockchain-data analytics leader Chainalysis’ KYT – Know Your Transaction.
CipherOwl bills itself as “the only compliance infrastructure purpose-built for the onchain economy,” and screening over a million addresses per second. The AI-driven startup, co-founded by ex-Coinbase colleagues Leo Liang and Ming Jiang, recently raised $15 million in seed funding.
"The macro U.S. regulatory environment,” including the GENIUS Act, “put stablecoins into sharp focus for both traditional financial institutions and nonfinancial companies,” says Kristina Sanger, EY Americas’ Financial Crimes Crypto leader. “Not unlike cash and other traditional products that pose elevated financial crimes risks, stablecoins present compliance challenges for issuers and distributors. The underlying blockchain technology, however, has created an opportunity for novel approaches.”
Kristina Sanger: “Opportunity for novel approaches.”
Venture capital firm Andreessen Horowitz recommends reusable, decentralized digital identities to streamline customer-due-diligence and data management: “Financial institutions could use the unique characteristics of blockchains to allow customers to open accounts based on an already-conducted KYC process.
“For example,” says a16z in a comment letter to the U.S. Treasury Department, “a customer could undergo KYC at one financial institution – the initial verifying institution – and receive a token or similar credential attesting to their completion of the process. The customer could then use that token or credential to interact with other financial institutions” and not have to “go through the same KYC process at every single institution.”
When stablecoin transactions cross borders and lack transparency, “it’s hard to know where the money comes from, who is involved, and whether the usual AML rules are being followed,” observes Ahmed Drissi, the APAC AML lead for SAS, based in Singapore. In decentralized finance they may skip KYC checks, further complicating monitoring and screening.
As attractive as cross-border payments capability may be, the transactions can occur outside traditional, operationally reliable banking networks. “That makes regulatory oversight key," says Patrick Gerhart, president of banking operations at mobile/blockchain financial services provider Telcoin. Regulated firms have to adapt existing compliance programs for the digital assets and their risks.
Speaking on November 18 at the Futures Industry Association Expo, Acting Chairman Caroline D. Pham of the Commodity Futures Trading Commission discussed how “markets are global and increasingly 24/7, but bank rails are not.” To overcome time-bound limitations in those markets, blockchain is seen “as a means to deliver real-time collateral mobility without changing the character of the asset itself.”
“The public has spoken: Tokenized markets are here, and they are the future,” Pham remarked. “For years I have said that collateral management is the ‘killer app’ for stablecoins in markets.”
Stablecoin success will hinge on disciplined governance of reserves and redemptions, model-risk controls around analytics and monitoring, and operational resilience in the face of the unexpected. Banks and nonbanks that align AML/KYC, sanctions screening, and data lineage with token issuance – and test their controls under realistic run scenarios – can be well situated for further scaling of tokenized money.
“Effective controls in the digital asset space begin with a robust understanding of the product attributes, corresponding inherent risk exposure, and partnership between the business and compliance to design appropriate mitigating controls,” says Sanger of EY.
Particularly in need of attention, she continues, is “the scope of coverage, namely the need for stablecoin issuers to monitor risk exposure across the ecosystem, as compared to monitoring of cryptocurrency exposure to an exchange and its customers.”
Jeffrey Kutler of GARP contributed reporting for this article.