________________________________________
Cryptocurrency, Money Laundering and Fraud:
How Risk Perceptions Suppress Legitimate Growth – and How Risk-Based AML/KYC Regulation Can Unlock Crypto’s Potential
Dr Imran Rasool (Fulbright Scholar)
AML/CFT & Sanctions Technical Expert – Advisor on FATF-Aligned Regulatory Reforms
CAMS, CGSS________________________________________
Abstract
Crypto-assets promise cheaper payments, programmable finance and broader access to financial services, but their growth has been overshadowed by concerns about money laundering, fraud and sanctions evasion. High-profile hacks, scams and illicit flows have shaped a policy narrative in which crypto is often framed primarily as a crime problem rather than an infrastructure opportunity. Recent data, however, show a more nuanced picture: while absolute volumes of illicit crypto activity are large—tens of billions of dollars annually—the share of overall transaction volume is relatively small and concentrated in specific typologies such as hacks, scams, mixers and sanctions-related activity.
This article argues that weak or uneven AML/KYC controls are now a constraint on legitimate crypto adoption, not a precondition for it. Fragmented regulation raises compliance risk, deters institutional investors and encourages “grey zone” business models, while well-designed, risk-based frameworks—anchored in the Financial Action Task Force (FATF) standards on virtual assets and virtual asset service providers (VASPs) and regional regimes such as the EU’s Markets in Crypto-Assets Regulation (MiCA)—can both mitigate financial-crime risks and support sustainable market development.
Drawing on recent empirical work, supervisory reports and crime data, the paper develops three claims. First, money-laundering and fraud risks in crypto are real but highly uneven, with particular concentration in lightly regulated exchanges, mixers, DeFi protocols and stablecoins. Second, the perception that “crypto equals crime” has policy and market costs, including derisking, delayed licensing and lost innovation. Third, a combination of robust licensing, effective Travel Rule implementation, privacy-preserving KYC, on-chain analytics and stronger supervisory cooperation can reduce these risks while preserving many of crypto’s original benefits. The paper concludes with a roadmap for regulators and industry on how to reframe AML/KYC not as a brake on crypto, but as an enabler of its “legitimate” potential.
Keywords: cryptocurrency, virtual assets, money laundering, fraud, KYC, AML/CFT, FATF, MiCA, DeFi, stablecoins, regulation
________________________________________
1. Introduction: Crypto’s Promise Under a Shadow
Since Bitcoin’s launch in 2009, crypto-assets have evolved from a fringe experiment into a global market with trillions of dollars in cumulative transaction volume, institutional products and complex ecosystems around exchanges, wallets, DeFi protocols and stablecoins. At the same time, the sector has become closely associated with hacks, ransomware, fraud, sanctions evasion and darknet markets, and regulators increasingly view crypto through the lens of financial crime.
Recent crime data illustrates the scale of the problem. Chainalysis estimates that addresses linked to illicit activity received around 40–51 billion USD equivalent in 2024, with a growing share involving stablecoins and sanctioned entities. FATF reports that only a minority of jurisdictions are “largely compliant” with its virtual asset standards, despite repeated warnings about regulatory gaps and cross-border spillovers.
Yet, the same technologies underpinning these abuses also offer legitimate benefits: programmable payments, 24/7 settlement, tokenised assets, cheaper cross-border transfers and new financial-inclusion channels. The challenge is that perceived money-laundering and fraud risks now inhibit the very growth that could make crypto more mainstream and well-governed. Banks restrict relationships with exchanges; institutional investors hesitate; and regulators respond with blanket bans or fragmented rules.
This paper asks a simple question:
Can better AML/KYC and regulation simultaneously reduce crypto’s crime risks and unlock its genuine economic potential?
The argument is that they can, if designed and implemented in a risk-based, technologically informed way.
________________________________________
2. What We Actually Know About Money Laundering and Fraud in Crypto
2.1 Typologies and magnitudes
Crypto crime covers a wide range of activities:
• Money laundering and mixers: obfuscation services that pool and redistribute funds to break transaction trails.
• Scams and fraud: many involving fake investments, “rug pulls” and romance-based “pig butchering” schemes.
• Ransomware and cybercrime: where payment and laundering are conducted in crypto.
• Sanctions evasion and darknet markets: including activity linked to high-risk exchanges and state-sponsored actors.
• DeFi and NFT abuses: such as wash trading, market manipulation and exploits of unaudited smart contracts.
Empirical research confirms that money-laundering risks are significant but concentrated. Spyra (2025), for example, finds that financial professionals perceive high ML risk in crypto, but associate it particularly with anonymity-enhancing tools, cross-border transfers and weakly regulated service providers. Studies of DeFi highlight challenges for existing AML frameworks where there is no traditional intermediary mediating transactions.
Industry estimates show that, in relative terms, the share of total crypto activity linked to crime is modest, but the absolute levels remain large enough to concern policymakers, especially where funds are tied to terrorism, proliferation or major fraud schemes.
2.2 Regulatory perception and “headline risk”
Policymakers and the public often react not to statistical averages, but to headline events: multi-billion dollar hacks, high-profile exchange failures or cases where crypto has financed weapons programs or organised crime. FATF’s 2025 report stresses that sanctioned entities and terrorist groups increasingly exploit virtual assets, and that gaps in one jurisdiction can undermine efforts elsewhere.
In Europe, the new Anti-Money Laundering Authority (AMLA) has explicitly called crypto the region’s “top money-laundering threat”, citing anonymity, cross-border reach and inconsistent supervision as key drivers. Such statements shape bank risk appetites and influence how the entire sector is viewed, regardless of the many compliant firms operating under strict controls.
The result is a feedback loop:
1. Weak controls → large, visible crime cases.
2. Large cases → negative policy and media narratives.
3. Negative narratives → derisking, fragmented regulation, slower institutional adoption.
4. Slower adoption and derisking → more business flows to poorly regulated or offshore actors.
Breaking this loop is central to unlocking crypto’s legitimate potential.
________________________________________
3. International Standards: From FATF to MiCA
3.1 FATF’s virtual asset framework
The global baseline for AML/CFT in crypto is set by the Financial Action Task Force. In 2018–2019 FATF updated Recommendation 15 and its Interpretive Note to explicitly cover virtual assets (VAs) and virtual asset service providers (VASPs), extending core obligations such as customer due diligence (CDD), record-keeping, suspicious transaction reporting and the so-called Travel Rule to crypto.
The 2021 updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs clarifies:
• Definitions of VAs and VASPs;
• Application of standards to stablecoins and DeFi-like arrangements;
• Licensing and registration expectations;
• Implementation of the Travel Rule;
• Principles for cooperation between VASP supervisors.
However, a 2024–2025 targeted update shows slow and uneven implementation: only a minority of assessed jurisdictions are largely compliant, and many still lack effective supervision or Travel Rule frameworks.
3.2 The EU’s MiCA and the emerging AMLR/TFR framework
The European Union has moved towards a comprehensive regime. The Markets in Crypto-Assets Regulation (MiCA) establishes harmonised rules for issuers and service providers, including licensing, governance, disclosure and conduct standards for crypto-asset service providers (CASPs).
MiCA interacts with a separate but connected AML package:
• A directly applicable EU Anti-Money Laundering Regulation (AMLR) that explicitly includes CASPs as obliged entities.
• An updated Transfer of Funds Regulation (TFR) that extends Travel Rule obligations to crypto transfers.
Together, these reforms aim to create a level playing field where CASPs must meet robust AML/CFT expectations in exchange for regulatory clarity and passporting rights. Early commentary highlights MiCA’s potential to reduce regulatory arbitrage and support more consistent risk-based supervision.
________________________________________
4. How Weak AML/KYC Suppresses Legitimate Crypto Growth
4.1 Derisking and constrained access to banking
Banks and traditional financial institutions are critical “gateways” for crypto businesses. Where supervisors view the sector as inherently high risk, and AML/KYC expectations are unclear, banks often derisk by declining relationships with exchanges, wallet providers or fintech intermediaries. This pushes legitimate firms to:
• Seek offshore banking with weaker oversight;
• Rely on shadow service providers; or
• Limit growth and innovation due to lack of payment rails.
Such behaviour is rational from a narrow compliance perspective but counterproductive from a systemic one: concentrated reliance on a few high-risk venues increases overall vulnerability to abuse.
4.2 Fragmented regulation and compliance uncertainty
FATF’s own reviews stress that implementation gaps—especially around licensing, risk assessment and supervision—create regulatory fragmentation, allowing VASPs to arbitrage between jurisdictions or operate without meaningful oversight.
For compliant firms, this means:
• Multiple, sometimes conflicting, AML/KYC requirements;
• Higher compliance costs;
• Delays in cross-border expansion.
For institutional investors, it means uncertain risk: even where individual projects are sound, the regulatory perimeter around them may not be.
4.3 Reputational drag and valuation discounts
High levels of fraud and scam activity, including AI-enhanced “pig butchering” and investment scams, contribute to a reputational discount for crypto as an asset class. Issuers and platforms may face:
• Higher cost of capital;
• Reluctance from conservative investors, especially in pension and insurance sectors;
• Pressure from regulators and auditors;
• Heightened litigation risk.
In this environment, strong, verifiable AML/KYC controls become a comparative advantage rather than a burden.
________________________________________
5. Designing AML/KYC for Crypto That Enables, Rather Than Kills, Innovation
The key is not just “more regulation”, but better design and implementation. Several principles emerge from current practice and FATF/EU guidance.
5.1 Risk-based, technology-neutral regulation
A “same risk, same rule” approach treats crypto activity broadly analogous to traditional finance where the risks are similar—e.g., fiat-linked stablecoins issued by centralised entities should meet standards comparable to e-money. At the same time, purely peer-to-peer or non-custodial arrangements may require different tools (e.g., focus on entry/exit points, analytics and user-facing interfaces) rather than forcing an intermediary model that does not exist.
A well-calibrated risk-based framework allows:
• Lighter requirements for low-risk, limited-function services;
• Strong controls for high-risk activities (privacy coins, cross-chain bridges, mixers);
• Proportionate expectations for start-ups versus systemically important platforms.
5.2 Strong, smart KYC and the Travel Rule
KYC remains foundational, but there is scope to modernise implementation:
• Use digital identity and trusted e-ID schemes to simplify onboarding while preserving assurance.
• Implement risk-sensitive due diligence, deepening checks for high-risk geographies, products and counterparties instead of applying uniform friction.
• Operationalise the Travel Rule for VASPs with interoperable messaging standards, clear thresholds and robust counterparty due diligence.
Industry experience has shown that poorly coordinated Travel Rule roll-outs can create fragmentation and friction; coordinated technical standards and supervisory guidance are therefore critical.
5.3 On-chain analytics and public-private collaboration
One major advantage of blockchain-based systems is that transaction data is, in principle, auditable. On-chain analytics tools can identify clustering, mixer usage, sanctions exposure, scam patterns and high-risk entities in near real time.
Effective use of these tools requires:
• Clear regulatory expectations on their use in transaction monitoring;
• Information-sharing channels between VASPs, banks and law enforcement;
• Feedback loops where law-enforcement typologies feed back into risk models.
Some stablecoin issuers already use on-chain monitoring combined with address freezing capabilities, which has led to the proactive blocking of billions of dollars in illicit balances.
5.4 Governance, accountability and supervision
Even the best technical controls fail without governance:
• Clear board-level responsibility for AML/CFT and sanctions;
• Independent compliance functions with authority commensurate to risk;
• Transparent model governance for transaction-monitoring and risk-scoring algorithms;
• Regular independent audits and testing.
Supervisors in turn must have the tools and expertise to assess crypto-specific risks, review smart-contract and custody arrangements, and coordinate across borders. The creation of EU-level bodies like AMLA is one attempt to address these gaps; other regions are exploring similar models.
________________________________________
6. Policy and Market Recommendations
6.1 For regulators and standard-setters
1. Close implementation gaps in FATF’s virtual asset standards, focusing on licensing, beneficial-ownership transparency and effective supervision of VASPs.
2. Provide clear, technology-neutral guidance on DeFi, stablecoins and non-custodial wallets to avoid regulatory vacuums that criminals can exploit.
3. Promote interoperable Travel Rule solutions through supervisory colleges and technical standard-setting, reducing fragmentation and operational burden.
4. Support public-private partnerships and data-sharing initiatives that leverage on-chain analytics while respecting privacy and data-protection law.
6.2 For industry and VASPs
1. Treat AML/KYC not as a box-ticking obligation but as a core part of the business model, critical for access to banking, investors and cross-border licences.
2. Invest in modern KYC, digital identity, and on-chain analytics as differentiators that can be showcased to regulators and partners.
3. Adopt transparent governance: publish risk frameworks, independent audit summaries and enforcement-cooperation statistics where possible.
4. Collaborate on open-source tools and common standards for Travel Rule messaging and sanctions screening.
6.3 For researchers and policy analysts
1. Produce more granular studies of ML and fraud risks across different crypto sub-sectors (DeFi vs CeFi, NFTs, stablecoins, cross-chain bridges) to refine risk-based approaches.
2. Evaluate the effectiveness and unintended consequences of current AML measures—for example, whether particular bans or de-anonymisation rules simply push activity offshore.
3. Explore how privacy-preserving technologies (zero-knowledge proofs, selective disclosure) can reconcile regulatory needs with users’ legitimate expectations of privacy.
________________________________________
7. Conclusion: AML/KYC as a Precondition for Crypto’s Legitimate Future
The debate about crypto and financial crime is often framed in binary terms: either embrace innovation and tolerate higher risk, or clamp down so hard that innovation dies. The evidence suggests a different story.
Crypto has undoubtedly been used for money laundering, fraud and sanctions evasion, sometimes at massive scale. But these abuses are concentrated in specific channels and business models, and they flourish precisely where regulation is weakest, supervision is limited and basic KYC and governance are missing.
At the same time, jurisdictions that are moving towards clear, risk-based regimes—combining FATF-aligned standards, MiCA-style licensing and serious supervisory capacity—are starting to attract more institutional interest, better-capitalised firms and more credible projects. In such environments, robust AML/KYC and smart regulation become enablers, not obstacles: they reduce crime risk, improve market integrity and make it easier for mainstream finance to participate.
The central claim of this paper is that crypto’s long-term growth and its anti-money-laundering obligations are not in conflict. On the contrary, the sector will only realise its full potential—whether in payments, tokenised assets or new forms of financial infrastructure—if it can demonstrate that it is a reliable, well-governed and law-abiding part of the financial system. That requires moving beyond the simplistic idea that compliance “kills” innovation, and accepting that effective AML/KYC is the price of admission to serious, sustainable adoption.
________________________________________
References
• Chainalysis (2024–2025). Crypto Crime Reports and Money Laundering Updates.
• Financial Action Task Force (2019). Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.
• Financial Action Task Force (2021). Updated Guidance: A Risk-Based Approach to Virtual Assets and VASPs.
• Financial Action Task Force (2024–2025). Targeted Update on Implementation of the FATF Standards on Virtual Assets and VASPs.
• European Securities and Markets Authority (ESMA). Markets in Crypto-Assets Regulation (MiCA) Overview.
• Spyra, M. (2025). “Cryptocurrencies as a Tool for Money Laundering: Risk Assessment and Perception of Threats Based on Empirical Research.” Risks 13(10):189.
• Tran Tu, X. (2025). Money Laundering Risks in Decentralized Finance. Master’s thesis, Stockholm University.
• Xia, P. et al. (2024). “The Devil Behind the Mirror: Tracking the Campaigns of Cryptocurrency Abuses on the Dark Web.” arXiv:2401.04662.
• Zola, F. et al. (2025). “Topological Analysis of Mixer Activities in the Bitcoin Network.” arXiv:2504.11924.
• von Wachter, V. et al. (2022). “NFT Wash Trading: Quantifying Suspicious Behaviour in NFT Markets.” arXiv:2202.03866.
• EU AMLA and related press coverage on crypto risk.
________________________________________