Key takeaways

  • AML fights financial crime by tracking and reporting suspicious crypto transactions.
  • Know Your Customer (KYC) checks are a cornerstone of AML, verifying user identities.
  • The Travel Rule mandates data-sharing for large crypto transfers, curbing anonymity.
  • Noncompliance can lead to hefty fines and legal repercussions or expose platforms to security vulnerabilities.

Cryptocurrency’s rise has brought opportunity and risk, thrusting AML measures into the spotlight as regulators and platforms scramble to keep illicit funds at bay

This guide unpacks AML’s role in crypto, from its basics to global regulations like the Travel Rule, offering beginners a clear path through the maze of compliance. 

What is Anti-Money Laundering?

Anti-Money Laundering (AML) refers to a set of laws, regulations and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. 

In the context of cryptocurrency, AML aims to curb the misuse of digital assets for illicit activities such as money laundering, terrorism financing and fraud.​ Money laundering typically involves three steps: placing dirty money into the system, layering it through complex transactions to obscure its origin, and integrating it back as clean funds. 

Cryptocurrencies, with their pseudonymous nature, can make this easier, but regulations are in place to fight back. Implementing robust AML measures helps ensure the integrity of financial systems and fosters trust among users and regulators.

How cryptocurrencies facilitate money laundering

Cryptocurrencies can be attractive for money laundering due to:

  • Anonymity: Transactions on the blockchain are public, but wallet owners’ identities are often hidden, allowing for pseudonymity.
  • Cross-border ease: Enables fast, low-cost transfers across borders, bypassing traditional banking oversight.
  • Irreversibility: Once confirmed, transactions can’t be reversed, reducing the risk of funds being seized.
  • Liquidity: Crypto can be quickly converted into other assets or fiat currency through exchanges.

Criminals might convert illicit funds into crypto, move them through multiple wallets or exchanges to obscure the trail, and then convert them back, sometimes using privacy coins like Monero (XMR) or nested services for added anonymity.

Did you know? The Bybit hack on Feb. 21, 2025, saw hackers steal $1.5 billion in Ether (ETH) from a cold wallet, making it the largest crypto heist ever.

What is the Travel Rule and its role in AML?

The Travel Rule is a global regulation from the Financial Action Task Force (FATF) that requires cryptocurrency businesses — like exchanges and wallet providers — to share identifying information about senders and receivers for certain transactions. 

Think of it as a digital passport check: When you send crypto worth more than a set amount (e.g., $3,000 in the US), both the sending and receiving platforms must exchange details like names and addresses. 

Introduced in 2019 as part of FATF’s Recommendation 16, it’s a key piece of AML efforts to stop money laundering and terrorism financing by linking anonymous blockchain transactions to real people. 

In AML, the Travel Rule strips away crypto’s pseudonymity, making it harder for criminals to move dirty funds unnoticed, for example, by shuffling Bitcoin (BTC) through exchanges. It also challenges the industry with tech hurdles and privacy debates and has seen spotty compliance as of March 25, 2025.

Global AML regulations in cryptocurrency

Global AML cryptocurrency regulations vary by jurisdiction, often built on FATF recommendations. 

Below is a detailed breakdown for key countries, including regulatory bodies, laws, affected entities and implementation status of the Travel Rule.

Pros and cons of multi-sig cold wallets

United States

  • Regulatory bodies: Financial Crimes Enforcement Network (FinCEN), Commodity Futures Trading Commission (CFTC), Securities and Exchange Commission (SEC).​
  • Key regulations: The Bank Secrecy Act (BSA) requires crypto exchanges to register as Money Services Businesses (MSBs) and adhere to AML obligations. In 2019, FinCEN issued guidance clarifying the application of BSA to certain business models in the virtual assets field.
  • Requirements:
    • Know Your Customer (KYC): Obligatory for crypto exchanges to implement robust customer verification processes.
    • Transaction monitoring: Exchanges must monitor transactions for suspicious activity.
    • Suspicious activity reporting (SAR): Crypto firms must file SARs for transactions deemed suspicious.
    • Travel Rule: A key requirement that mandates sending and receiving entities to share specific customer data for transactions above $3,000.

European Union (EU)

  • Regulatory bodies: Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), European Banking Authority (EBA), European Securities and Markets Authority (ESMA).
  • Key regulations: The EU’s Fifth Anti-Money Laundering Directive (5AMLD) mandates that crypto businesses comply with KYC and AML regulations. The EU’s Sixth Anti-Money Laundering Directive (6AMLD), in force since July 2024, strengthens institutional frameworks, while the AML Regulation (AMLR), effective July 2027, enhances requirements for crypto businesses.
  • Requirements:
    • KYC: Mandatory for crypto platforms to verify the identity of their users.
    • Transaction reporting: Similar to the US, crypto businesses must report suspicious transactions to Financial Intelligence Units (FIUs).
    • Travel Rule: The 5AMLD requires crypto businesses to apply the Travel Rule for certain transfers, with full implementation standardized under the Transfer of Funds Regulation (TFR) by July 2027.

Did you know? The EU’s Recast TFR  (Regulation (EU) 2024/1620), part of the latest AML Package, is set to revolutionize how crypto transactions are tracked. Starting July 10, 2027, it will enforce the Travel Rule — aligned with FATF Recommendation 16 — requiring CASPs to share detailed originator and beneficiary info for all transfers above €1,000. This updates the patchy framework of the 5AMLD, which has been in place since 2020 but varies widely across EU countries.

United Kingdom

  • Regulatory bodies: Financial Conduct Authority (FCA), His Majesty’s Treasury (HMT)
  • Key regulations: Under the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations, cryptocurrency businesses must register with the FCA and comply with KYC and AML regulations.
  • Requirements:
    • KYC: Crypto exchanges must conduct customer verification before allowing transactions.
    • Suspicious activity reporting (SAR): Required for all crypto transactions flagged as suspicious.
    • Travel Rule: The FCA requires the implementation of the Travel Rule for crypto transactions above 1,000 British pounds.

Canada

  • Regulatory bodies: Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canadian Securities Administrators (CSA)
  • Key regulations: Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) require crypto exchanges to register with FINTRAC and adhere to AML/KYC requirements.
  • Requirements:
    • KYC: Crypto businesses must verify the identity of customers before any transaction.
    • Transaction reporting: Crypto firms must report suspicious transactions.
    • Travel Rule: Canada follows similar guidelines to the US and EU, applying the Travel Rule to transactions over CA$1,000.

Australia

  • Regulatory bodies: Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • Key regulations: The Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act) requires cryptocurrency exchanges to register with AUSTRAC and comply with AML/CFT requirements.
  • Requirements:
    • KYC: Crypto businesses are required to conduct identity verification.
    • Transaction monitoring: Ongoing monitoring of transactions for suspicious activity.
    • Travel Rule: Australia implements the Travel Rule for transactions over AU$1,000 as part of AUSTRAC’s broader AML/CFT obligations.

Japan

  • Regulatory bodies: Financial Services Agency (FSA)
  • Key regulations: Japan’s Payment Services Act requires crypto exchanges to register with the FSA and comply with AML obligations.
  • Requirements:
    • KYC: Exchanges must verify the identity of their users, in line with local regulations.
    • Transaction reporting: Suspicious transactions must be reported.
    • Travel Rule: Japan requires the Travel Rule to be implemented for transactions involving virtual assets, aligned with international standards.

Singapore

  • Regulatory bodies: Monetary Authority of Singapore (MAS)
  • Key regulations: Under the Payment Services Act (PSA), cryptocurrency exchanges in Singapore must adhere to AML and KYC requirements.
  • Requirements:
    • KYC: Crypto exchanges must implement strict identity verification.
    • Transaction monitoring: Ongoing surveillance of transactions for signs of money laundering or terrorist financing.
    • Travel Rule: The Travel Rule applies to crypto businesses in Singapore for transactions exceeding SG$1,500.

Switzerland

  • Regulatory bodies: Swiss Financial Market Supervisory Authority (FINMA)
  • Key regulations: Switzerland’s Anti-Money Laundering Act (AMLA) governs the operations of financial institutions, including crypto exchanges.
  • Requirements:
    • KYC: Crypto platforms must conduct customer identification and verification.
    • Suspicious activity reporting: Crypto exchanges are required to report suspicious activities to authorities.
    • Travel Rule: Switzerland follows the Travel Rule for cryptocurrency transactions, as per FATF recommendations.

Other key countries

  • Hong Kong: Crypto businesses must comply with AML/KYC regulations under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO). The Travel Rule applies to transactions above HK$8,000.
  • India: While India’s cryptocurrency regulations are still evolving, the Enforcement Directorate has begun applying AML principles to crypto exchanges under the Prevention of Money Laundering Act (PMLA). The Travel Rule is not yet fully implemented but is expected to align with FATF standards.
  • South Korea: The Financial Services Commission (FSC) enforces AML/KYC requirements under the Act on Reporting and Use of Specific Financial Transaction Information. South Korea also adheres to the Travel Rule for crypto transactions exceeding 1 million Korean won. 

Did you know? Blockchain analysts linked the Bybit hack to North Korea’s Lazarus Group, who laundered over $400 million of the stolen ETH within days using decentralized exchanges and crosschain bridges, outpacing all of their 2024 crypto thefts combined ($1.34 billion), as reported by Chainalysis. 

How AML impacts crypto users

AML rules reshape how users interact with crypto. Exchanges now demand KYC — think ID scans and address proof — slowing onboarding but boosting legitimacy. Transaction monitoring might flag large or odd transfers, delaying trades or triggering SARs, especially for non-domiciled users with US ties facing IRS scrutiny via Form 1099-DA. 

The Travel Rule adds friction to cross-border swaps, requiring personal data that clashes with crypto’s privacy ethos. While this curbs illicit use, it raises costs for platforms (potentially passed on to users) and could push some to unregulated DeFi — though regulators are eyeing that space too.

Whether you’re a trader, a non-domiciled investor or just crypto-curious, understanding AML isn’t just smart, it’s essential. With enforcement tightening and incidents like Bybit’s 2025 hack highlighting the risks, compliance serves as the compass guiding crypto users toward safer shores in the digital landscape.