Stablecoin and Illicit Finance: What the New FATF Report Reveals

FATF’s Mexico Plenary and a Renewed Focus on Stablecoins

In February 2026, the Financial Action Task Force met in Mexico for its latest plenary session. Among the topics discussed was the growing role of stablecoins and unhosted wallets in digital asset markets and the implications for anti-money laundering frameworks.

Shortly after the plenary, FATF released a targeted report examining the use of stablecoins in illicit finance and the supervisory challenges associated with peer-to-peer transactions and unhosted wallets.

The report builds on several years of work by the organisation on virtual assets. Since 2019, FATF has incorporated digital assets into its global AML framework through Recommendation 15, which introduced standards for virtual asset service providers and the so-called Travel Rule for crypto transfers. Subsequent guidance and implementation reviews have examined how these standards apply across exchanges, custodial wallets and decentralised infrastructure.

Stablecoins have gradually become a central part of that discussion.

Their scale alone explains why. More than 250 stablecoins now circulate globally, with a combined market capitalization exceeding $300 billion and daily trading volumes often surpassing those of Bitcoin. In many crypto markets they function as the primary settlement asset, facilitating trading, lending and cross-border transfers.

Stablecoin activity also accounts for a significant share of on-chain transactions. Estimates suggest that stablecoins represent roughly one third of blockchain transaction volume, reflecting their role as a digital unit of account across decentralised finance and centralised exchanges.

These developments have attracted attention beyond FATF. International bodies including the Bank for International Settlements, the Financial Stability Board, and IOSCO have all examined the implications of stablecoins for financial stability, payment systems and market infrastructure. Their reports consistently highlight two characteristics: stablecoins combine global reach with private issuance, and they circulate across financial markets that do not always align with traditional supervisory boundaries.

Against that background, FATF’s latest report focuses on a narrower but important question.

How do stablecoins interact with illicit finance risks, particularly when they move beyond regulated intermediaries and into peer-to-peer environments involving unhosted wallets?

Adoption and Risk: Two Sides of the Same Architecture

Stablecoins have expanded rapidly for clear reasons.

They allow users to move value across borders quickly, provide liquidity for digital asset markets, offer a stable unit of account in volatile environments, and serve as an alternative store of value in jurisdictions with weak currencies or limited access to the global banking system.

These same characteristics can also make them useful for criminal networks.

The FATF report documents several concrete examples where stablecoins appear within criminal financial flows. State-linked cybercrime groups from the Democratic People’s Republic of Korea, for instance, have used stablecoins as part of the laundering process following large-scale virtual asset thefts. In one case, funds stolen from a crypto platform were routed through mixers, cross-chain bridges and more than 125,000 wallets before being converted into stablecoins such as USDT and ultimately cashed out through over-the-counter brokers.

Stablecoins have also appeared in proliferation financing networks. The report notes that DPRK entities have used USDT in transactions linked to the procurement of military equipment and raw materials such as copper used in munitions production.

Other examples involve organised crime networks. Drug trafficking organisations have been observed using stablecoins such as USDT on TRON and USDC on Ethereum to pay overseas suppliers of synthetic drug precursors and to move proceeds across borders before converting them back into fiat currency.

Terrorist groups have also experimented with stablecoins. Organisations including ISIL and Al-Qaeda affiliates have been reported to solicit donations in stablecoins through social media campaigns and encrypted messaging platforms, often rotating wallet addresses and splitting transactions into smaller transfers to reduce detection risks

Yet the report also makes an important distinction. Stablecoins are rarely the dominant method of illicit finance. Traditional mechanisms such as cash, informal value transfer systems and conventional banking channels still account for the overwhelming majority of criminal financial activity.

In most cases, stablecoins appear as one component within a broader laundering chain rather than as a standalone system. The concern for regulators therefore lies less in the existence of stablecoins and more in how they circulate through the financial system.

Illicit Finance Patterns: What the FATF Report Finds

Beyond individual case studies, the FATF report identifies several broader patterns in how stablecoins appear in illicit financial activity.

First, stablecoins are increasingly used as a transfer and settlement layer rather than as the starting point of criminal proceeds. In many schemes, funds originate in other assets and are later converted into stablecoins as part of the laundering process. Their price stability and deep liquidity make them useful as an intermediate asset before funds are moved across platforms or cashed out.

Second, the report notes the growing role of cross-chain infrastructure in laundering flows. Criminal actors frequently move funds through bridges, decentralised exchanges and asset swaps before converting them into stablecoins. These transactions often span multiple blockchains and service providers, making the full transaction path more difficult to trace.

Third, the report highlights the increasing importance of over-the-counter brokers and peer-to-peer networks in converting stablecoins back into fiat currency. These actors often operate across jurisdictions and may not always fall clearly within existing regulatory frameworks.

The report also notes that stablecoin activity is becoming increasingly concentrated on a small number of networks with high transaction throughput and low fees. This concentration can create both risk and opportunity. On the one hand, it allows illicit actors to move funds efficiently. On the other, it also means that a relatively limited number of ecosystems account for a large share of stablecoin activity, which can make monitoring more focused.

Stablecoin Lifecycle: Where AML Controls Exist 

One of the key observations in the FATF report is that stablecoin ecosystems contain very different compliance environments depending on where in the lifecycle a transaction occurs.

At the entry and exit points of the system, anti-money laundering controls are typically strongest.

Primary issuance and redemption usually involve regulated intermediaries. Users interacting with stablecoin issuers or major exchanges must undergo customer due diligence, transaction monitoring and sanctions screening. These points of interaction resemble traditional financial onboarding processes.

But stablecoins do not remain within those environments.

Once issued, they circulate across secondary markets. They move between exchanges, decentralised protocols and peer-to-peer transactions involving unhosted wallets.

At this stage, the presence of regulated intermediaries becomes less consistent. Transfers can occur directly between users without a central platform applying compliance controls.

For supervisors, this creates a structural challenge.

AML frameworks are traditionally built around regulated institutions. Stablecoin markets, however, allow value to circulate beyond those institutions while still retaining global liquidity.

This is why the FATF report places particular emphasis on peer-to-peer transactions and unhosted wallets.

Issuer Responsibility: A New Compliance Question

These dynamics raise an important question about where AML responsibility should sit within stablecoin ecosystems.

Historically, financial regulation has placed compliance obligations primarily on intermediaries such as banks and payment service providers. But stablecoins introduce a different architecture.

Issuers create the digital asset, yet the asset can circulate independently across a wide range of markets and protocols.

Some regulators have begun to recognise this distinction. Supervisory frameworks emerging in jurisdictions such as Hong Kong increasingly expect stablecoin issuers to consider downstream risks within the circulation of their tokens. The discussion is also beginning to appear in broader industry guidance, including work by groups such as the Wolfsberg Group on the treatment of stablecoins within financial crime frameworks.

The question is no longer simply whether stablecoin issuers conduct proper onboarding.

It is whether compliance can extend beyond the point of issuance.

Programmable Compliance: Controls at the Asset Level

One reason this discussion has intensified is that stablecoins possess capabilities that traditional financial instruments do not.

Unlike bank deposits or physical cash, stablecoins are programmable digital assets. Issuers can embed controls directly into the asset itself, allowing certain compliance functions to operate at the level of the token rather than only through financial intermediaries.

The FATF report highlights several mechanisms already used in practice. Stablecoin issuers may retain administrative capabilities within the token’s smart contract that allow them to freeze funds, blacklist wallet addresses or prevent transfers involving sanctioned entities.

A well-known example is the blacklist functionality embedded in the smart contracts of the USDC stablecoin issued by Circle. Through this mechanism, Circle can designate specific blockchain addresses as blocked, preventing those wallets from transferring USDC tokens and effectively immobilising the funds. The function has been used in multiple cases involving stolen digital assets, sanctions enforcement and law-enforcement requests.

In similar ways, some stablecoin arrangements also allow issuers to burn tokens associated with illicit activity or freeze assets pending investigation. These features enable enforcement actions that would not be possible with physical cash and are significantly more difficult to implement in traditional banking systems without cooperation from multiple intermediaries.

These capabilities introduce an important possibility.

Compliance no longer has to rely solely on regulated institutions such as exchanges or custodial wallet providers. Certain safeguards can be embedded directly into the digital asset itself, allowing compliance controls to operate within the infrastructure of the token.

This does not eliminate the need for intermediaries or regulatory oversight. But it does suggest that the architecture of financial crime controls may look different in programmable financial systems than it does in traditional payment networks.

Beyond Blacklists: The Next Phase of Programmable Compliance

At the same time, blacklist models have clear limitations.

They are reactive by nature, requiring continuous updates as new addresses emerge. Criminal networks can attempt to evade restrictions by moving funds across different wallets or through intermediary protocols.

This is why some segments of the digital asset industry are beginning to explore more dynamic compliance frameworks. Tokenised financial markets have already experimented with permissioned tokens that enforce eligibility rules directly on-chain. Infrastructure projects are developing transaction-validation systems capable of checking regulatory conditions before settlement occurs.

Tokenised financial markets have already experimented with permissioned token architectures that embed regulatory conditions directly into the asset itself. Projects such as Tokeny’s T-REX framework, for example, allow token issuers to define investor eligibility rules and transfer restrictions that are automatically enforced during both primary issuance and secondary trading. Instead of relying solely on platform-level checks, the token itself carries the compliance logic.

Infrastructure providers are also experimenting with transaction-validation layers that operate before settlement occurs. Chainlink’s Automated Compliance Engine (ACE) is designed to allow smart contracts to query off-chain compliance data and apply regulatory checks before a transaction is executed. Similar ideas appear in projects such as Evergon’s on-chain signature gating, where transactions can require cryptographic attestations confirming that participants satisfy defined compliance conditions.

Other initiatives approach the challenge from a supervisory infrastructure perspective. Platforms such as Project Guardian in Singapore have explored tokenised financial markets where institutional participants interact through permissioned environments that embed compliance verification into transaction flows. Likewise, collaborative frameworks such as Project Ensemble and market infrastructure initiatives like Mandala are experimenting with ways to integrate regulatory verification, identity credentials and transaction permissions directly into digital asset settlement layers.

Across these different models, the underlying concept is similar.

In these models, compliance becomes proactive rather than reactive. Instead of identifying illicit activity after funds have moved, the system evaluates whether a transaction should be permitted in the first place.

This approach remains in its early stages. But it illustrates how programmable financial infrastructure may change the design of financial crime controls.

Regulatory Balance: Risk and Compliance Innovation

The FATF report ultimately reflects a broader evolution in how regulators view digital asset markets.

Crypto markets undeniably introduce new financial crime risks.  But these same technologies also introduce new compliance tools.

Blockchain transparency enables real-time transaction tracing. Digital assets can incorporate automated sanctions enforcement. And programmable infrastructure creates the possibility of embedding regulatory controls directly into financial instruments.

This combination presents regulators with a dual challenge.

The task is not simply to contain the risks created by digital assets. It is also to understand how the technology may reshape the architecture of compliance itself.

Stablecoins sit at the center of that transformation.

Learn More

Anti-money laundering has been part of the crypto regulatory conversation for many years. In fact, AML obligations were the first layer of financial regulation formally extended to digital asset markets, long before comprehensive frameworks such as MiCA or new US legislative proposals began to take shape.

Understanding developments like the FATF’s latest report therefore requires more than reading individual policy papers. It requires understanding how global AML standards apply to digital asset infrastructure, what regulators expect from market participants, and how those expectations translate into operational compliance frameworks.

It also raises a broader question: how emerging technologies, including programmable compliance tools, may change the way financial crime controls are implemented in digital markets.

If you would like to explore these topics in more depth, including the regulatory expectations for crypto financial crime controls and the practical design of compliance systems, you can learn more in our Crypto Financial Crime and Compliance course.

👉 Learn more here: Crypto Financial Crime Compliance Specialist Course