For years, the story of crypto regulation in the United States was a story about the SEC. Enforcement actions, securities classifications, the long shadow of Gary Gensler — those were the headlines that rattled the market. That era isn't entirely over, but it's no longer the main event.

Anti-money laundering enforcement has quietly become the dominant legal threat facing crypto businesses, and a new report from security firm CertiK puts hard numbers to that shift. US AML fines in the first half of 2025 alone hit $1.06 billion — surpassing SEC penalties for the same period. That's not a blip. That's a structural change in how regulators are going after crypto.

And it isn't happening in a vacuum. The same week that data circulates, Japan's financial regulators are ordering both crypto firms and real estate companies to tighten AML checks on property transactions involving digital assets. Four Japanese government agencies issued a coordinated warning, citing the specific risk that crypto makes it easier to obscure the source of funds and the identity of buyers in real estate deals.

Two jurisdictions, two different angles, same underlying pressure. The compliance window is tightening globally.

What Changed — and Why Now

The shift from securities enforcement to AML enforcement reflects how the regulatory conversation has matured. Early crypto oversight was largely about whether tokens were unregistered securities — a framework that fit the ICO era and the enforcement priorities of the SEC. AML concerns are older, blunter, and cross-jurisdictional in a way securities law never was.

What changed the calculus: scale. As stablecoin transaction volume crossed $33 trillion in 2025 — exceeding global credit card volume according to Ripple — regulators stopped viewing crypto as a niche experiment and started treating it as a systemic payments rail that carries the same obligations as traditional finance.

When the volume gets that large, the question isn't whether someone is misusing crypto for illicit finance. The question is whether the industry has put in place the infrastructure to detect and report it. The answer, for much of the industry, has been no.

That gap is now being measured in billion-dollar fines.

Basel Rules and Mandatory Audits Are Adding to the Burden

Beyond enforcement actions, the CertiK report flags two structural shifts that will reshape how crypto firms operate:

Basel banking rules are being extended in ways that affect how institutions account for crypto exposure. For firms sitting at the intersection of traditional finance and digital assets — think crypto-friendly banks, custody providers, and institutional desks — these rules add capital requirements and compliance obligations that weren't previously on the table.

Mandatory audit requirements are expanding. Crypto firms that previously operated with minimal formal oversight of their financial controls are increasingly being required to demonstrate the same kinds of reporting and verification standards applied to regulated financial institutions.

This matters enormously for smaller exchanges, DeFi-adjacent businesses, and any firm that has grown quickly without building out compliance infrastructure. The assumption that "we're not a bank, so bank rules don't apply to us" is eroding fast.

Japan's Real Estate Warning Is a Preview of What's Coming

The Japanese warning deserves more attention than it will probably get. Four government agencies — including the Financial Services Agency — issued a coordinated directive telling crypto firms and real estate companies to implement stricter verification when crypto is involved in property deals.

The specific concern: real estate transactions using crypto can obscure who is actually buying a property and where the money originated. That's a well-documented money-laundering method in traditional finance. The concern is that crypto adds another layer of opacity on top of an already murky sector.

What this signals for the broader market is a pattern regulators are increasingly applying everywhere: any domain where crypto intersects with high-value, hard-to-trace transactions will get AML scrutiny. Real estate today. What's next — luxury goods, private lending, cross-border business payments?

The expansion of AML focus beyond obvious crypto-to-fiat exchanges is the understated trend here.

What Polymarket's CFTC Talks Reveal About the Regulatory Mood

There's a counterpoint worth noting. Polymarket is reportedly in active talks with the CFTC to bring its main prediction market exchange back to US traders, having previously blocked American access due to regulatory uncertainty.

If that application succeeds, it would represent a crypto company successfully navigating a regulatory process rather than being hit with an enforcement action. That's meaningful. The CFTC has historically been viewed as more pragmatic about crypto than the SEC — willing to engage on market structure questions rather than defaulting to a "this is a security" enforcement posture.

But the Polymarket situation also illustrates what the new compliance environment demands: formal regulatory approval, not informal tolerance. Companies that want access to US retail investors increasingly need to go through proper channels, file for the right designations, and build relationships with regulators before they have a problem — not after.

That's expensive. It's slow. And it filters out smaller players who can't afford the legal overhead.

The Miner Pressure Point

Meanwhile, the bitcoin mining sector is showing its own stress fractures. Riot Platforms extended its $200 million credit facility with Coinbase this week — a sign that, with bitcoin trading around $76,000, cash flow management is becoming a priority over accumulation.

When miners are forced to sell BTC to cover operating costs rather than holding it, it adds downward price pressure at exactly the wrong moment. That dynamic can become self-reinforcing: price drops, miners sell more, price drops further. It's not a crisis indicator on its own, but it's worth watching as a canary for whether current price levels are sustainable for high-cost mining operations.

What Readers Should Watch

Several signals are worth tracking in the weeks ahead:

The Polymarket-CFTC outcome. If the CFTC approves Polymarket's application, it sets a template for how prediction markets — and potentially other novel crypto products — can operate legally in the US. A denial, or prolonged silence, tells a different story.

AML enforcement actions against mid-tier firms. The $1.06 billion in first-half 2025 fines didn't all come from one target. Watch for actions against exchanges, OTC desks, and DeFi projects that haven't built robust compliance programs.

How crypto-real estate intersections are treated. Japan's directive will likely have echoes in other jurisdictions. If the FATF or European regulators follow with similar guidance, crypto firms active in real estate or high-value asset markets will face new requirements quickly.

Miner selling behavior. Extended credit facilities and low BTC prices are not a combination that supports price recovery. If more miners start liquidating holdings at scale, that's a concrete market pressure point.

The Takeaway

The crypto regulatory story in 2026 is not about whether digital assets will be regulated. That question is settled. The story now is about which regulatory frameworks are being applied most aggressively, and whether firms have built the infrastructure to survive them.

AML enforcement is the current front. It's harder to argue against than securities classification disputes — nobody wants to be the company that helped launder money. And the cross-border nature of AML obligations means there's no obvious jurisdiction to escape to.

For crypto businesses that have been running lean on compliance, the cost of catching up is rising. For investors, the signal is that regulatory risk is no longer a future concern to be priced in — it's an operating reality right now.