Money laundering enforcement emerges as primary compliance threat for cryptocurrency sector: Analysis

Anti-Money Laundering penalties reached $1.06 billion across the first six months of 2025 in the United States as regulatory focus pivoted away from securities enforcement, with Basel framework implementation and compulsory security audits transforming the crypto compliance landscape, CertiK findings show.

Enforcement actions targeting Anti-Money Laundering violations have surpassed securities infractions as the primary regulatory risk confronting cryptocurrency businesses, CertiK reports indicate, with the United States Department of Justice alongside the Financial Crimes Enforcement Network levying more than $1 billion in AML-related financial penalties throughout the initial half of 2025.

This transition represents a dramatic departure from the US Securities and Exchange Commission-dominated enforcement pattern that characterized previous years of cryptocurrency oversight. SEC penalties specifically targeting crypto operations plummeted 97% in monetary value on an annual basis, declining from $4.9 billion during 2024 to $142 million in 2025, based on findings released Tuesday by blockchain security auditing firm CertiK.

Deficiencies in transaction monitoring systems and licensing compliance are currently attracting financial penalties comparable to or surpassing numerous previous cryptocurrency securities enforcement actions. The DOJ's settlement agreement with OKX in February 2025 totaled $504 million, whereas KuCoin remitted $297 million during January 2025, with both cases involving charges of conducting unlicensed money transmission operations and Bank Secrecy Act breaches.

Notable AML-related penalties in 2025. Source: CertiK

The escalation in AML-focused enforcement underscores regulators' intensifying emphasis on compliance infrastructure and financial monitoring systems, with penalties progressively concentrating on operational shortcomings rather than disclosure-based infractions. The transformation mirrors both a shift in United States administrative policy direction and a more comprehensive reevaluation of the SEC's jurisdictional methodology toward digital assets, the report indicates.

Cryptocurrency transaction volume connected to sanctioned entities expanded more than 400% year-over-year throughout 2025, propelled predominantly by Russia-associated networks and state-sponsored stablecoin systems, compelling regulators throughout all significant jurisdictions to elevate transaction surveillance and international financial crime compliance above token categorization debates.

AML-related financial penalties across Europe jumped 767% during the identical timeframe, while regulatory bodies in the Asia-Pacific region demonstrate increasing preference for license cancellations and operational enhancement directives over financial sanctions.

Broader regulatory trends

The enforcement transformation aligns with wider global regulatory developments detailed throughout the report. Stablecoin regulatory frameworks, for example, are advancing from conceptual design toward practical implementation throughout primary jurisdictions, with enforceable structures currently active ranging from the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act to the Markets in Crypto Assets (MiCA) regime.

Prudential oversight requirements for custodial institutions and trading platforms are becoming more stringent, with mandates now encompassing capital sufficiency, asset separation protocols, liquidity oversight and contingency planning.

The Basel Committee's cryptoasset prudential framework, planned for deployment beginning Jan. 1, 2026, contingent upon regional implementation, has additionally generated what the analysis characterizes as a "structural divide" affecting institutional participation. Group 2 assets, encompassing Bitcoin and Ether, encounter approximately 100% capital requirement charges, rendering them economically challenging for banking institutions to maintain on balance sheets, whereas Group 1 assets, including tokenized conventional instruments and approved stablecoins, obtain standard risk assessments.

A spokesperson representing CertiK's research division informed Cointelegraph that banking institutions handling digital assets under supervision from regulators including Singapore and the EU already operate under this modified enforcement framework.

Smart contract audit mandates address exploit landscape

CertiK stated that smart contract security evaluations are progressively being integrated into licensing requirements and compliance standards throughout significant markets, with security auditing procedures transitioning from elective best practices to legal or near-legal obligations across primary jurisdictions within a two-year period.

Smart contract security regulator mandates. Source: CertiK

This drive toward compulsory auditing emerges as regulatory authorities struggle with establishing accountability within decentralized finance ecosystems. A European Central Bank research document released during March, for instance, determined that governance structures across prominent DeFi protocols maintain significant centralization, creating complications for initiatives attempting to establish which entities should be subject to MiCA regulatory oversight.

CertiK's examination of the leading 100 compromised protocols revealed that 80% had not completed a formal security assessment prior to experiencing a security breach, and these unaudited protocols represented 89.2% of aggregate value losses. Simultaneously, the report indicates infrastructure vulnerabilities including private key compromises and access management deficiencies generated 76% of 2025 financial losses by monetary value, as the threat environment evolved beyond code-based exploits.

The spokesperson explained that existing regulatory auditing mandates align with Web2 regulatory structures and that authorities typically assign the responsibility of identifying pertinent threats to entities under their supervision. Although regulators might mandate annual testing protocols or various operational resilience initiatives, such as source code examinations, they infrequently specify exact scope parameters, so as not to limit the comprehensiveness of such assessments, the spokesperson said.
