Why compliance still fails to prevent financial crime — and what the next AML architecture will look like
Regulators are no longer impressed by the number of reports filed — they want proof that compliance systems actually stop crime. Here’s why banks and crypto firms are being forced to rebuild their financial crime programs from the ground up to keep pace with blockchain speed and the rise of AI.
08.07.2026
21
13 min
0
Governments and private companies spend hundreds of millions of dollars on financial monitoring and digital asset crime prevention. Yet it still isn’t enough. GetBlock AML Research explains why hackers and fraudsters keep staying one step ahead — and how that may begin to change in the near future.
Key takeaways
- According to research on crypto-related financial crime in 2025, roughly 95% of all inflows to sanctioned cryptocurrency addresses now come through stablecoins. The shift happened so quickly that most existing compliance systems have not adapted.
- Regulators are also changing how they evaluate financial crime programs. In the past, the focus was largely on the number of suspicious transactions identified and reports filed. Increasingly, the emphasis is shifting to outcomes: does a compliance program actually prevent illicit activity, rather than simply document it?
- Artificial intelligence can significantly improve the performance of any compliance system — but it amplifies both strengths and weaknesses. When deployed within a well-designed control framework, it can raise quality dramatically. But if it is layered onto a poorly functioning system, it will only accelerate and scale existing failures.
- Traditional risk management infrastructure used by banks and other financial institutions was built long before modern blockchains emerged. AML, fraud prevention, sanctions compliance, and cybersecurity teams often operate in silos. But a single transaction in decentralized finance can touch all of those areas at once, causing legacy control models to break down.
- In the first year of one of the largest international information-sharing systems between public authorities and crypto market participants, roughly $80 million in illicit transactions was prevented, while the false-positive rate remained below 10%. That result highlights how effective automated information-sharing between the public and private sectors can be.
- Stablecoin issuers may also face a new set of obligations. In the past, they were mainly expected to respond to formal law enforcement requests. Now, policymakers are discussing whether issuers should be required to monitor secondary-market activity on an ongoing basis — even without a specific legal order.
Stablecoins changed sanctions evasion — and most compliance systems still haven’t caught up
Just two years ago, many compliance professionals believed that crypto could not realistically be used to evade international sanctions at scale. There were several reasons for that view.
First, digital asset markets were seen as too illiquid. Second, the volatility of cryptocurrencies made them an impractical tool for governments under severe economic pressure. The assumption was that digital assets simply could not become a meaningful part of a national financial survival strategy. But market developments have proven those assumptions wrong.
Today, blockchain analysis shows that around 95% of all funds flowing into cryptocurrency addresses linked to sanctioned entities now come through stablecoins. The reason is straightforward.
Stablecoins pegged to the US dollar offer the same advantages that make them attractive to ordinary market participants: deep liquidity, fast cross-border transfers, and relative price stability.
For countries under prolonged sanctions pressure, digital assets have gradually become part of their financial survival toolkit. At the same time, sanctions-evasion tactics have grown more sophisticated. One of the most common schemes discussed by investigators is a multi-stage laundering structure designed to obscure the origin of funds.
The process often starts with the purchase of stablecoins that are being sold at a discount after a major hack or other criminal event. The funds are then moved repeatedly across multiple blockchains, with the routes intentionally designed to make freezing or seizure as difficult as possible. After passing through the full chain of transfers, the funds are converted back into stablecoins just before re-entering the traditional financial system.
These schemes also rely on so-called “funnel accounts” — short-lived addresses that process large volumes of funds and are never used again once the operation is complete. Complex as these structures are, they still leave recognizable traces on-chain. Before funds reach a final exchange, they are often split into many smaller transfers.
Intermediate addresses frequently serve no other purpose at all. That is why simply screening an address at the moment funds arrive at an exchange is no longer enough. To detect this kind of activity, investigators have to reconstruct the full chain of prior transfers — sometimes across dozens of addresses.
Another major finding of the research is that Western crypto exchanges and banks registered in jurisdictions such as the UK, the US, Singapore, Hong Kong, or the UAE can still become part of international financial networks used by intermediary companies tied to sanctioned states.
That means a financial institution’s geographic location is no longer a reliable proxy for risk. Effective stablecoin compliance requires tracing the full history of fund flows — not just screening the address that sent a particular transaction.
Regulators no longer care how many reports you file — they want measurable results
The way regulators assess the effectiveness of financial crime compliance programs is gradually changing. In the past, the focus was largely on how many suspicious activity reports (SARs) an institution filed, how sophisticated its risk assessment framework was, and how many internal reviews it conducted. That is no longer enough.
Today, regulators are asking a far more important question: does the program actually prevent financial crime, and does it help law enforcement receive actionable intelligence in time to stop illicit activity?
This is where the industry runs into a major problem. There is still no universal definition of what an effective financial crime compliance program actually looks like. Nor is there a widely accepted set of metrics for measuring that effectiveness objectively.
At the same time, illicit activity in digital finance continues to grow rapidly. Schemes are becoming more complex. New financial products are proliferating. Yet the size of compliance teams in many organizations is barely changing. As a result, most legacy performance metrics are no longer a reliable reflection of what is actually happening.
Today, AML teams typically measure their work by the number of alerts received, the volume of SARs filed, case review speed, and the number of investigations closed.
But those metrics say very little about the one thing that matters most: whether a crime was actually prevented. The problem becomes especially clear during regulatory reviews. According to AML experts, many organizations have reasonably strong risk assessment systems that do a good job of identifying potential threats.
What often happens next, however, is that the company cannot answer the follow-up question: what specific controls should be applied to each identified risk? That is where the gap emerges between theoretical risk identification and the practical operation of the compliance program. Regulators are becoming increasingly clear on this point: financial crime compliance can no longer be treated as a documentation exercise.
Institutions now have to prove that their systems actually work and are capable of preventing illicit activity. The firms that have made the most progress in this area are already shifting to an entirely different set of performance metrics. The emphasis is moving away from paperwork and toward outcomes.
For example, the new questions increasingly look like this:
- How much useful intelligence was shared with law enforcement in time to make a difference?
- How many criminal schemes were disrupted as a result of compliance action?
- How many illicit transactions were actually prevented by the control framework?
These are the kinds of metrics that are gradually becoming the new benchmark for effectiveness.
AI strengthens any system — whether it’s good or bad
In recent years, artificial intelligence has become one of the most widely discussed tools in financial crime compliance. Firms are exploring a wide range of use cases.
Large language models, for example, can help investigators handle cases more efficiently. AI can draft first versions of suspicious activity reports automatically.
Multiple AI agents working together can review hundreds of new financial products at once and determine which ones require immediate attention.
New systems are also emerging that make enhanced customer due diligence almost fully automated, based on a single set of initial inputs. All of this sounds highly promising. But compliance professionals keep emphasizing one critical point: AI does not improve a system on its own.
What it does is amplify the processes that already exist inside an organization. If a financial crime compliance program is well designed and its procedures are clearly defined, AI can meaningfully improve quality and productivity. But if the existing system already contains errors, weak controls, or poorly designed workflows, AI will not fix them.
It will learn those weaknesses quickly — and begin reproducing them at much greater speed and scale. That is why one of the clearest conclusions from the discussion is also one of the simplest: do not automate a broken system. Fix the underlying weaknesses first, and only then layer AI on top of it.
A new problem: who passes KYC when the transaction is executed by AI?
The rise of autonomous AI agents is already forcing the industry to confront an entirely new set of questions. One scenario that is coming up more and more often is when an AI system independently executes financial transactions on behalf of a user. That creates a problem current rules barely address.
Traditional Know Your Customer procedures are built around verifying the identity of a specific client. If a person uses their own AI agent, a financial institution can still verify the human owner behind that agent. But it may have no idea who created the AI agent on the other side of the transaction. In practice, the interaction is no longer between two people — it is between two autonomous systems.
Modern customer due diligence rules were designed long before this kind of technology existed, and they are poorly suited to the architecture of an AI-driven digital economy. That is why many compliance professionals believe the firms that start addressing this issue now will be far better prepared for a future in which autonomous digital commerce becomes mainstream.
Legacy compliance infrastructure was not built for blockchain speed
Most large financial institutions built their risk management systems for a completely different era. AML, fraud, sanctions compliance, and information security teams still tend to operate as separate functions.
Each has its own procedures, timelines, alert queues, software stack, and area of responsibility.
That model worked reasonably well in traditional finance, where a suspicious transaction could surface overnight and be reviewed by an analyst the next morning. Digital assets operate by a completely different logic.
A single DeFi transaction can simultaneously carry several types of risk. It may involve potential money laundering, show signs of fraud, raise sanctions concerns, and trigger information security issues — all at once.
If each department analyzes that transaction independently, the institution will inevitably lose time. That is why more and more experts are concluding that siloed control systems are no longer fit for digital assets.
Effective oversight requires a unified risk management infrastructure that brings all control functions together — both at the transaction monitoring level and within the broader internal risk framework. Existing monitoring tools are also proving inadequate.
Most solutions originally built for traditional banking still process information in batches at set intervals. They were never designed to handle blockchain data and traditional financial data in a single workflow.
As a result, firms struggle to identify risky transactions close to real time.
Criminal networks have already learned to collaborate. Compliance systems are only beginning to catch up
Today’s criminal organizations no longer operate in isolation.
Over the past several years, they have built sprawling infrastructures that allow them to coordinate activity across multiple jurisdictions, combine different money-laundering methods, and engage in several forms of illicit activity at the same time.
Yet many compliance teams still operate according to an older model. Even within a single company, different risk functions often remain largely disconnected from one another. During industry discussions, experts repeatedly highlighted just how intertwined the activities of criminal groups and state-linked networks have become.
Infrastructure used to evade sanctions, wallets tied to Iranian entities, and funds stolen by North Korean hacking groups are often directly connected on-chain.
The money moves through the same laundering pathways. It relies on the same financial intermediaries. In many cases, the same concealment techniques are used across different networks. At the same time, large-scale fraud ecosystems continue to expand.
If these hubs were once concentrated mainly in Southeast Asia, similar structures are now increasingly emerging across Africa and Latin America.
Organized criminal groups are also treating fraud as a more attractive business model than traditional crime. The risk of prosecution is lower, while the returns are often far higher.
One response to that growing coordination has been the gradual expansion of information-sharing between public authorities and private firms.
In the first year of one such initiative, roughly $80 million in illicit transactions was prevented. Private-sector participants also reported that false positives accounted for less than 10% of incoming alerts.
That level of accuracy is significantly better than what most standard blockchain analytics systems deliver — and it allows participants to act before formal legal procedures even begin.
Today, that system includes around 70 private-sector organizations, which together account for roughly 75% of global centralized crypto exchange activity.
Secondary market monitoring is becoming a new regulatory expectation
In recent years, several initiatives from different government bodies have started to reshape how regulators view the responsibilities of stablecoin issuers and other blockchain-native market participants.
Where the focus used to be limited largely to a company’s own customer base, there is now a growing expectation that firms should monitor the movement of their digital assets much more broadly — even after those assets have moved beyond their direct customer relationships.
A major milestone was the passage of the GENIUS Act in 2025. The law established a technical requirement for stablecoin issuers to maintain the ability, when necessary, to freeze assets, seize them, or destroy tokens entirely. But the regulatory discussion does not stop there.
At the same time, U.S. officials have been discussing a new initiative from FinCEN, the country’s financial crimes regulator. According to compliance experts, the proposed changes could create a fundamentally new obligation. The issue is no longer just responding to court orders or lawful government requests.
Issuers may ultimately be expected to maintain a continuous monitoring framework for the secondary-market circulation of their digital assets. In other words, oversight would have to be ongoing rather than triggered only by a formal request. In practice, that would amount to a new benchmark for judging whether a compliance program is actually effective.
Many firms, however, still have not built those capabilities in practice. And that raises another important question: how durable will these expectations be over the long term?
A large share of digital asset regulation today is still evolving not through fully enacted legislation, but through agency guidance, interpretive statements, and supervisory recommendations. Those can be reversed relatively quickly by a future administration.
That is why companies planning to operate in this market for years are pushing for key obligations to be written directly into law. The reason is straightforward: building the required infrastructure takes years and requires major investment. Without clear, durable rules, it becomes much harder to justify those costs.
What it will take to fight AI-enabled financial crime
One theme came up repeatedly throughout the conference: today’s financial crime controls were built for a completely different threat environment. They are now being asked to confront criminal organizations that often operate faster and more cohesively than the institutions trying to stop them.
Criminal groups use shared laundering infrastructure across borders. Funds move faster than traditional legal processes can keep up with.
The same schemes are often used simultaneously by different criminal organizations and by networks linked to sanctioned states. Yet many compliance programs still evaluate each risk category in isolation. According to AML experts, the organizations making the most progress in closing that gap tend to do two things.
First, they build a unified risk management framework that combines blockchain activity and traditional finance, AML, fraud prevention, sanctions compliance, and internal controls — rather than treating digital assets as just another product line.
Second, they invest heavily in cooperation with law enforcement, peer financial institutions, and government agencies facing the same threats.
Modern financial crime is evolving faster than the regulatory systems designed to contain it. But the clearest takeaway from the conference was that the industry is finally beginning to develop new approaches that could narrow that gap — and adapt financial crime controls to the realities of a digital economy shaped by blockchain and increasingly by AI.
Useful material?
Research
One and the same cryptocurrency address received two completely opposite assessments from different analytics systems: from an ordinary gambling service to an extremely severe criminal offense. This story has become the starting point for a broader conversation about what the scientific standards of blockchain analysis should look like — and why errors in systems like these can shape the fates of real people.
Jul 1, 2026
Research
The blockchain has helped uncover the ties between cryptocurrency fundraising campaigns, exchangers in Syria, and intermediaries in several countries around the world. A telltale pattern has emerged in which the same addresses were used across multiple donation drives at once
Jun 24, 2026
Research
Four Iranian cryptocurrency exchanges accounted for roughly 78% of all digital asset volume tied to the country in 2025. They have now become the focal point of the largest U.S. sanctions campaign against Iran's cryptocurrency infrastructure.
Jun 5, 2026
Research
A financial system is already up and running on public blockchains, with loans, analogues of U.S. Treasuries, and automated capital markets. More than $551 billion has flowed through DeFi protocols — but most of that activity has nothing to do with the real economy and everything to do with the speculative build-up of risk.
May 29, 2026
Research
Around 97% of Chinese suppliers of chemicals used to make fentanyl accept payment in cryptocurrency. The volume of such transactions continues to grow alongside the global market for synthetic drugs
May 22, 2026
Research
For the first time, the new law makes blockchain analytics an officially mandatory tool of financial oversight in the United States. Authorities will also gain the power to restrict transactions with foreign crypto services tied to money-laundering risks.
May 20, 2026
Telegram
Twitter