This article was first published on Deythere.
FATF crypto guidance is the Financial Action Task Force guidance on application of international AML/CFT standards to virtual assets (cryptocurrencies) and related service providers.
Starting in 2018-2019; the global anti-money laundering framework of FATF (Recommendations 15 and 16) was explicitly extended to include the crypto sector.
In other words, exchanges and wallets as well as other Virtual Asset Service Providers (VASPs) must apply comprehensive safeguards similar to banks that encompasses KYC/CDD, record-keeping, transaction monitoring, and reporting of suspicious activities.
The most important of which is the FATF “Travel Rule,” an interpretation of Recommendation 16 for crypto, which says VASPs must ensure they obtain and transmit originator and beneficiary customer data with each transaction.
What is FATF Crypto Guidance?
FATF (Financial Action Task Force) is an intergovernmental policy-making body that develops and promotes policies to protect the global financial system against money laundering; terrorist financing and related threats.
The virtual assets guidance includes FATF Recommendations and interpretative notes directly applicable to cryptocurrencies and VASPs. FATF amended Recommendation 15 in June 2019 to cover virtual assets; and that has led many AML/CFT rules to become binding on certain crypto activities.
What it actually means is that for the crypto world, services involved in virtual assets must assess customers and transactions the same way as financial service providers do.
As an example, FATF guidance mandates that VASPs must have CDD/KYC checks with record-keeping and suspicious activity reporting.
Put another way, crypto exchanges and wallet services will need to “adopt preventive measures akin to those of financial institutions.”
Main points of FATF crypto guidance include:
Risk-based approach: VASPs should assess their money-laundering/terrorism-financing risks and apply enhanced measures at high-risk situations.
Licensing/Registration(Rec 15): Competent authorities should require exchanges and custodians to register or license as a regulated financial institution and thereby under AML supervision.
Customer Due Diligence: VASPs need to conduct KYC; verify the identity of customers, screen for sanctions lists, and ensure enhanced due diligence on more high-risk clients.
Transaction Monitoring: This involves continuing to monitor crypto transactions and filing suspicious activity reports whenever a potentially illicit pattern is detected.
Travel Rule (Rec 16): Crypto transfers must carry originator/beneficiary data for tracing transactions.
FATF crypto guidance is not law itself but rather a global standard. Countries that are FATF members incorporate these standards into local law, and thus they apply to all crypto intermediaries in that jurisdiction. In short; FATF crypto standards means treating crypto transactions with bank-grade AML/CFT scrutiny.
FATF Crypto Guidelines: Key AML Rules for 2026
FATF crypto AML have become more detailed. The central elements are in the table below:
| Requirement | Action for VASPs |
| Customer Due Diligence (CDD/KYC) | Verify user identities, screen against sanctions; apply enhanced due diligence (EDD) |
| Transaction Monitoring | Continuously monitor and analyze crypto transactions for red flags; file Suspicious Transaction Reports (STRs) |
| Travel Rule | Collect, verify and securely send originator and beneficiary data with each VA transfer |
| Licensing/Registration (R.15) | Obtain AML registration or license; comply with national AML laws |
| Record Keeping | Maintain transaction records and client information for required retention period |
| Risk Assessment (R.15) | Conduct ML/TF risk assessments for crypto activities (including DeFi, P2P transfers) and mitigate identified risks |
| Enhanced Measures for Stablecoins | Recognize stablecoins’ risk (rapid growth and illicit use); apply AML controls (freezing, address blocklists) as needed |
| Unhosted Wallet Controls | Flag and mitigate P2P transfers to/from unhosted wallets (e.g. require on-chain narrative triggers or EDD) |
Stablecoins and Unhosted Wallets: FATF Asserts New Priorities
In particular; stablecoins and unhosted (peer-to-peer) wallets are the two areas with rising money laundering and terrorist financing risks that FATF crypto guidance has shown interest. A March 2026 FATF report warns that criminals increasingly abuse stablecoins and unhosted wallets for illicit transfers. Key findings include:
History of Stablecoins in Illicit Finance: Stablecoins reportedly dominated illicit activity by 2025. Stablecoins have taken the lead from Bitcoin with 84% of illicit crypto transaction volume in 2025 according to Chainalysis data. Due to their price stability and liquidity, they seem fit for money laundering, ransomware payments or sanctions evasion. As a case in point, notorious state-affiliated groups (DPRK, Iran) today, use stablecoins to launder cybercrime income.
Unhosted wallets (also known as peer-to-peer wallets): In unhosted wallets, individuals have complete control over the keys without a regulated intermediary. These wallets allow for P2P transactions outside of any virtual asset service provider’s (VASP) knowledge. According to the FATF, unhosted wallets are used for hiding where transactions come from as they happen without a regulated intermediary. Due to the lack of AML data being supplied, they are therefore a hot ground for illicit transfers.
FATF expects jurisdictions to identify the special risks posed by stablecoins despite the fact that FATF baseline standards cover all VASPs (so issuers, exchanges, and custodians are subject to AML rules). The March 2026 report urges countries to impose AML duties to issuers and intermediaries of stablecoins, along with special controls like freezing functions and KYC at the time of redemption.
It further outlines best practices that stablecoin issuers should allow accounts to be frozen or blacklist suspicious addresses, and authorities should improve blockchain analytics for large P2P transfers.
In short, this means FATF crypto guidance also explicitly includes stablecoins and unhosted wallets. With stablecoins flows and transfers from self-custody wallets now in the regulatory eyes, compliance teams need to pay attention.
Global Implementation of FATF Crypto Guidance
Most nations have since moved to put into practice the crypto rules put forth by FATF. According to a 2024 review by the FATF, most of these jurisdictions with significant crypto activity have since implemented these frameworks.
| Implementation Metric | Jurisdictions with Major Crypto Activity |
| Completed AML/CFT risk assessment | 100% |
| Licensing/registration laws enacted | 91% |
| Travel Rule laws enacted | 84% |
| Jurisdictions banning crypto/VASPs | 9% (3 countries) |
Examples by country/region:
In the EU; the legislation brings Crypto-Asset Service Providers (CASPs) to full application of AML rules including the FATF-style Travel rule. The UK’s FCA requires crypto firms to register and comply with money-laundering regulations; and is expanding oversight from 2027 under a new FCA regime.
Most exchanges in the US comply with FinCEN’s AML rules as Money Services Businesses (MSBs); and the recently introduced GENIUS Act (2025) treats stablecoins clearly under Bank Secrecy Act.
The UAE and Singapore have similarly adopted FATF compliant measures: e.g. Dubai has established a Virtual Assets Regulatory Authority (VARA) which requires Know Your Customer (KYC) from VASPs, whilst Abu Dhabi’s ADGM is requiring compliance and adopted the Travel Rule.
In summary, FATF crypto guidance is rapidly becoming the accepted global regulatory framework.
Expert Insights and Outlook
According to industry analysts and experts, FATF´s crypto guidance has literally raised the bar for compliance in crypto. FATF itself has warned that anonymity-enhancing technologies (mixers, privacy coins) are a growing concern, pushing VASPs to adapt their controls.
The FATF blueprint has been followed by remarkable actions. An example is the Binance’s 2023 $4.3 billion penalty related mainly to AML failures and Travel Rule breaches.
In 2025, global AML fines fell in general, yet the crypto firms nonetheless faced $1 billion-plus of crypto-related penalties. This included $297 million against KuCoin for AML deficiencies as well as a further $100M fine on BitMEX and a sanction of over $500M against OKX.
This kind of enforcement means regulators on all shores now consider crypto lapses as seriously as bank compliance failures. FATF is expected to continue its update of guidance over the coming years.
With emerging crypto trends such as DeFi platforms and NFTs, it is acceptable that FATF will be keeping a close eye on such developments and clarifying its standards as relevant situations arise.
Conclusion
FATF crypto guidance has set up binding global AML framework for the entire crypto sector. These regulations apply to exchanges and wallets around the world; of which if they don’t comply (to the KYC, Travel Rule, etc.), there will be consequences.
In 2026; almost all major markets have laws following the FATF’s standards.
Crypto firms should therefore invest in strong, technology-driven compliance (e.g. automated KYC/KYB, blockchain analytics, travel-rule APIs) to operate globally.
In this day and age, strong governance, combined with real-time monitoring is a prerequisite.
Glossary
Virtual Asset: A digital representation of value (such as cryptocurrency or token) that can be traded or used as payment.
VASP (Virtual Asset Service Provider): An entity providing crypto related services for others.
Travel Rule: A FATF obligation (Recommendation 16) for crypto: Virtual Asset Service Providers (VASPs) must obtain; maintain and transmit originator and beneficiary information with each virtual asset transfer.
Know Your Customer/Customer Due Diligence (KYC/CDD): AML procedures to verify a customer’s identity and assess their risk.
Unhosted Wallet (P2P Wallet): A crypto wallet where the user alone controls the private keys.
AML/CFT (Anti-Money Laundering/Combating Financing of Terrorism): Laws and policies to prevent and detect money laundering and terrorist financing.
Frequently Asked Questions About FATF Crypto Guidance
What is the FATF Travel Rule in crypto?
It requires Virtual Asset Service Providers (VASPs) to collect and share the sender’s and receiver’s identifying information (e.g. name, account details); whenever they transfer crypto on behalf of customers.
Which crypto businesses fall in FATF crypto guidance?
Any entity that provides a crypto exchange, custody; transfer or issuance service for other persons. This covers CEX; broker-dealers, wallet custodians, payment processors and even some DeFi platforms if they operate in a centralized manner.
What is an unhosted (peer-to-peer) wallet in terms of FATF guidance?
An unhosted wallet is a noncustodial wallet; which means the user alone holds their keys with no regulated intermediary (i.e. there is no exchange and/or custodian). FATF states that peer-to-peer transactions between unhosted wallets bypass monitoring.
How have countries applied the FATF crypto AML rules?
FATF-style AML laws for crypto have been enacted or are being enacted in many major jurisdictions. FATF’s data indicates that VASP licensing/registration laws are in place for approximately 91% of countries with significant crypto activity; and the crypto Travel Rule has been enacted by roughly 84%. Very few (e.g. China, Egypt, Saudi Arabia) outright ban crypto.
References
Disclaimer: The following article is purely informative and should not be relied upon as legal or financial advice.
For advertising inquiries, please email . [email protected] or Telegram
