Maintain AML and CFT compliance in crypto

Global regulators have escalated the enforcement of anti-money laundering (AML) and countering the financing of terrorism (CFT) measures, making them a central consideration in how cryptocurrency firms operate, compete and scale. 

Digital assets offer speed, global reach and anonymity‑enhancing technologies. These characteristics are central to innovation, but have also created vulnerabilities for money laundering, sanctions evasion and other illicit activity. In response, regulators have demonstrated a clear commitment to enforcement, pursuing landmark actions against major exchanges and platforms and imposing record‑breaking penalties. 

Regulatory frameworks expanded in 2025, with growing cross‑border coordination. Compliance expectations are no longer evolving in isolation. Regulators are now operating with greater alignment on core principles, and firms face the need to manage their global exposure. Increased scrutiny of decentralized finance (DeFi), privacy‑enhancing technologies and cross‑border transactions has driven new expectations for transparency, accountability and real‑time risk visibility.

In this environment, crypto firms must invest in robust governance, proactive monitoring and scalable, risk‑based compliance programs. Those that act decisively will not only mitigate regulatory and reputational risks but also position themselves as trusted participants in an increasingly regulated digital economy.

The international Financial Action Task Force (FATF) continues to set the global standard for AML and CFT measures in the crypto space. The FATF has urged jurisdictions to strengthen enforcement, improve cross-border cooperation and address anonymity-enhancing technologies that increase money laundering and terrorist financing risks. This global push underscores the expectation that crypto firms adopt robust compliance frameworks aligned with FATF standards, regardless of local regulatory maturity.

The United States has historically lagged in creating a unified federal framework for crypto regulation. That changed in July 2025, with the passage of the GENIUS Act, a landmark law that subjects payment stablecoins to the Bank Secrecy Act (BSA).

“FATF has set the global baseline: crypto firms must meet AML and sanctions standards regardless of jurisdiction,” said Kyle Daddio, Grant Thornton Risk Advisory Services Partner and AML & Sanctions Practice Leader. “As federal oversight expands, crypto’s integration into the financial system now comes with full AML and sanctions accountability.”

These developments mark a shift toward deeper integration into the federal banking system, subjecting firms to rigorous AML and sanctions compliance requirements, comparable to traditional banks. This move signals that federal oversight — and the expectations that come with it — are here to stay.

The crypto industry’s compliance journey since 2023 is a cautionary tale of mounting regulatory pressure, record-breaking penalties and evolving enforcement strategies. As AML and sanctions rules have tightened globally, regulators have made clear that compliance is nonnegotiable.

2023: The wake-up call

November 2023 marked a turning point when the U.S. Department of the Treasury announced its largest-ever settlement. Binance, the world’s largest crypto exchange, was subject to a $4.3 billion penalty stemming from ineffective AML controls, transactions with sanctioned entities and failures in suspicious activity reporting. Beyond the financial hit, the case included criminal charges, a compliance monitor, and the CEO’s resignation — an unmistakable signal that regulators were ready to act decisively.

Earlier in 2023, Bitzlato, a lesser-known crypto exchange, was the target of a joint enforcement action by U.S. and international authorities. The exchange was accused of laundering funds linked to ransomware operations and darknet markets. Law enforcement agencies seized Bitzlato’s assets, arrested its founder and shut down the platform in a coordinated global operation.

This event is widely cited as a significant example of global cooperation in crypto enforcement and highlights the increasing scrutiny on exchanges facilitating illicit activity.

2025: Mixed signals

In January 2025, the U.S. Securities and Exchange Commission (SEC) dismissed its civil case against Coinbase, citing its new Crypto Task Force’s focus on rulemaking over punitive measures. This marked a moment of regulatory recalibration, with a suite of other proceedings dropped, including the civil enforcement case against crypto exchange Kraken and the criminal proceedings against Binance.

While the SEC signaled a regulatory reset in 2025 by pausing or dismissing several high-profile crypto cases, AML- and sanctions-related enforcement actions continued. Although Coinbase avoided penalties in the U.S., the Central Bank of Ireland fined Coinbase Europe Ltd. 21.5 million euros (about $25 million) for breaching AML and CFT transaction monitoring obligations between 2021 and 2025.

This underscores why firms offering crypto services must implement robust controls to detect and report suspicious transactions promptly.

How we can help you

SERVICES

Risk Advisory -->

SERVICES

Anti-money Laundering -->

Ready to talk? We’re ready to listen.

Request a meeting -->

Compliance for competitive firms

1. Robust governance and oversight: Senior leadership should be actively engaged in the AML and sanctions program, providing meaningful challenges, oversight and strategic direction. This involvement must set the tone from the top by demonstrating an unwavering commitment to a strong culture of compliance. Firms must ensure adequate resourcing and support for compliance functions and maintain strong oversight of third-party service providers to demonstrate accountability.
2. Dynamic and tailored risk assessments: Risk assessments should be tailored to the individual risks facing the firm, reflecting the unique mix of products, services customer base and geographic exposure. Inherent risks, an evaluation of the effectiveness of control environments, and an overall residual risk rating should be clearly documented. Action plans should be tracked to completion to address identified gaps promptly.
3. Advanced transaction and blockchain monitoring: Firms should leverage advanced blockchain analytics to gain real‑time visibility into on‑chain transactions, identify high‑risk wallet exposures, trace complex fund flows and enrich alerts with actionable intelligence, supporting faster, more accurate investigations and suspicious activity reporting. When paired with traditional AML monitoring, these tools enable scalable, technology-driven compliance capabilities.
4. Technology: Firms should implement controls to detect and prevent prohibited access, including screening of U.S. users attempting to open accounts or engaging in trading activity while masking their location using VPNs or other obfuscation tools. Firms with global operations should also establish separate, fully licensed U.S. subsidiaries to support regulated U.S. trading activity.

This heightened regulatory environment also presents opportunities.

Clearer global standards and landmark legislation are creating more predictable compliance requirements, enabling firms to build trust with regulators and customers. Conditional trust charters and licensing regimes signal deeper integration of crypto into mainstream finance, opening doors for institutional adoption and partnerships.

Firms that prioritize governance, transparency and technology-driven solutions will not only mitigate risk, but also position themselves as trusted leaders in an increasingly regulated digital economy. Those who act decisively today will shape the future of crypto tomorrow.