top of page
Search

Stablecoins as a Laundering Vehicle: Regulatory Convergence Is Coming — But Not Fast Enough

  • Writer: TrustSphere Network
    TrustSphere Network
  • Apr 11
  • 4 min read

Stablecoins have emerged as the preferred medium of exchange in illicit crypto ecosystems. Unlike volatile cryptocurrencies such as Bitcoin or Ethereum, stablecoins — particularly USDT (Tether) and USDC — offer criminals the pseudonymity of blockchain transactions combined with the value stability of fiat currency. This combination has made stablecoins the dominant vehicle for sanctions evasion, ransomware payment settlement, and large-scale fraud proceeds layering.


The regulatory framework governing stablecoins remains fragmented and, in many jurisdictions, functionally inadequate. While the EU's Markets in Crypto Assets (MiCA) regulation represents the most comprehensive attempt yet to bring stablecoins within a prudential and AML/CFT framework, significant gaps remain — particularly in jurisdictions that serve as registration havens for virtual asset service providers (VASPs) with minimal supervisory infrastructure.


For financial institutions, the stablecoin risk is not confined to direct customer engagement with crypto. Correspondent banking relationships, payment processing for fintech clients, and indirect exposure through institutional clients' treasury operations all create pathways through which stablecoin-linked illicit flows can enter the traditional banking system — often without adequate detection controls at the point of entry.


Regulatory, Enforcement, and Market Context


FATF's updated guidance on virtual assets and VASPs, revised in 2023, explicitly addresses stablecoins and requires that jurisdictions apply the full suite of AML/CFT measures to stablecoin issuers and the exchanges that facilitate their conversion. The Travel Rule — requiring originator and beneficiary information to accompany virtual asset transfers — applies to stablecoin transactions and must be implemented by compliant VASPs. However, FATF's own mutual evaluation data indicates that fewer than half of assessed jurisdictions have fully implemented Travel Rule requirements.


OFAC has designated multiple USDT wallet addresses and associated entities linked to sanctions evasion by state actors including North Korea's Lazarus Group and Iranian-linked networks. The BIS has published analytical work documenting the use of stablecoins in cross-border sanctions circumvention, noting the particular challenge posed by decentralised exchange (DEX) platforms where no centralised entity exists to implement screening controls. Regulation Asia has covered enforcement actions by MAS against crypto entities in Singapore with inadequate stablecoin AML controls.


The Wolfsberg Group has updated its guidance on correspondent banking relationships with VASPs, noting that the rapid growth of stablecoin volumes through crypto exchanges creates material correspondent banking risk where those exchanges have deficient AML/CFT controls. Banks maintaining correspondent relationships with crypto-active financial institutions must now conduct VASP-specific due diligence that addresses stablecoin exposure.


What the Data Is Showing


Chainalysis' 2024 Crypto Crime Report found that stablecoins — predominantly USDT — accounted for 61% of all illicit crypto transaction value, a dramatic increase from 10% in 2020. Total illicit crypto transaction volume reached approximately $24.2 billion in 2023, with sanctions evasion and scam-related activity representing the two largest categories. North Korean state actors alone were attributed with stealing over $1 billion in crypto assets during the year.


On-chain analytics data from Chainalysis and Elliptic indicates that a significant proportion of illicit stablecoin flows pass through high-volume exchanges in jurisdictions with weak AML/CFT supervision before being converted into fiat currency via banking channels. This conversion point — the crypto-to-fiat off-ramp — remains the most critical control point and the most frequently exploited gap in the global AML architecture.


Implications for Financial Institutions


Traditional financial institutions must treat stablecoin-related exposure as a first-order AML risk, not a secondary or emerging one. Customer due diligence for clients with significant crypto activity must include specific enquiry into stablecoin holdings and transaction patterns. Transaction monitoring rules should be calibrated to detect flows indicative of stablecoin conversion activity — particularly large inbound fiat transfers from crypto exchanges in high-risk or non-cooperative jurisdictions.


Correspondent banking relationships with VASPs and crypto-active banks require enhanced due diligence that specifically assesses stablecoin controls: does the respondent institution screen stablecoin wallet addresses against sanctions lists? Does it apply the Travel Rule to stablecoin transfers? Does it have on-chain analytics capability to trace the source of stablecoin funds? These are now minimum supervisory expectations in leading jurisdictions.


Conclusion


Stablecoins are no longer on the horizon of financial crime risk — they are at its centre. The convergence of regulatory frameworks across MiCA, FATF guidance, and bilateral enforcement actions is creating a clearer compliance architecture, but implementation is patchy and the criminals are faster. Financial institutions that have not yet embedded stablecoin risk into their AML/CFT frameworks are operating with material exposure that regulators are increasingly unwilling to overlook.


Suggested Next Steps


  • Conduct a stablecoin exposure assessment across your customer base and correspondent banking portfolio, identifying all touchpoints with stablecoin transaction activity.

  • Deploy on-chain analytics tooling (Chainalysis, Elliptic, or equivalent) to screen VASP-linked transaction flows for stablecoin wallet addresses on OFAC and other sanctions lists.

  • Update VASP correspondent banking due diligence questionnaires to include specific stablecoin controls: Travel Rule compliance, sanctions screening, and on-chain traceability.

  • Review your transaction monitoring rules to ensure they can identify fiat conversion flows from stablecoin off-ramps in high-risk crypto exchange jurisdictions.


Sources: Chainalysis Crypto Crime Report (2024); FATF Updated Guidance on Virtual Assets and VASPs (2023); EU MiCA Regulation (2023); OFAC Virtual Currency Sanctions Actions (2024); BIS Working Paper on Stablecoins and Sanctions (2024); Wolfsberg Group VASP Correspondent Banking Guidance (2024); Elliptic Stablecoin Typologies Report (2024); Regulation Asia crypto enforcement reporting (2025–2026).


TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai

 
 
 

Comments

Recommended by TrustSphere

Atfinity


 

Izengard


 

Trefis


 

Noto360



 

Thetaray


 


Regulation Asia


 


FCC Analytics

 

Futurum



 



Darwinium


 

Arkose Labs


 

SumSub



 

FinanceX



 

FullArmor



 

Clari5



 

© 2024 TrustSphere.ai. All Rights Reserved.

hello@trustsphere.ai

  • LinkedIn

AML Watcher


 

Relevance.ai



 

LevelFive



 

Disclaimer for TRUSTSPHERE.AI

The content provided on the TRUSTSPHEREAI website is intended for informational purposes only. While we strive to provide accurate and up-to-date information, the data and insights presented are generated from a contributory network and consolidated largely through artificial intelligence. As such, the information may not be comprehensive, and we do not guarantee the accuracy, reliability, or completeness of any content.  Users are advised that important decisions should not be made based solely on the information provided on this website. We encourage users to seek professional advice and conduct their own research prior to making any significant decisions.  TruststSphere Partners is a consulting business. For a comprehensive review, analysis, or support on Technology Assessment, Strategy, or go-to-market strategies, please contact us to discuss a customized engagement project.   TRUSTSPHERE.AI, its affiliates, and contributors shall not be liable for any loss or damage arising from the use of or reliance on the information provided on this website. By using this site, you acknowledge and accept these terms.   If you have further questions,  require clarifications, or requests for removal or content or changes please feel free to reach out to us directly.  we can be reached at hello@trustsphere.ai

bottom of page