For years, the crypto industry's dominant legal fear was the SEC. Securities enforcement shaped product decisions, chilled launches, and defined the legal conversation. That era is over, or at least no longer dominant. According to a new report from security firm CertiK, anti-money laundering enforcement has become the single biggest regulatory threat facing the crypto industry — and the numbers make the case bluntly.
U.S. AML fines hit $1.06 billion in just the first half of 2025. That figure alone eclipses what SEC enforcement actions produced over comparable periods. Meanwhile, new Basel banking rules and mandatory audit requirements are reshaping compliance obligations across the board. This isn't a passing headline. It's a structural shift in how regulators are approaching digital assets — and it has direct consequences for businesses and individuals operating in the space.
---
Why the Enforcement Lens Has Shifted
Securities enforcement against crypto was always partly about legal categorization — whether a token was a security, whether a protocol's launch constituted an offering. Those battles haven't disappeared, but they've become slower and more jurisdictionally complicated.
AML enforcement is different. It's cleaner, faster, and politically bulletproof. No regulator ever lost public support for cracking down on money laundering. The statutory frameworks are established, the penalties are severe, and agencies like FinCEN and the DOJ have deep experience prosecuting these cases in traditional finance. Applying that machinery to crypto requires less legal novelty than building a securities case around a DeFi governance token.
The CertiK report signals that regulators globally — not just in the U.S. — are using AML frameworks as their most effective lever against crypto non-compliance. Basel rules are now adding a banking-sector dimension: institutions that touch crypto assets face stricter capital and reporting requirements, which cascades into how exchanges, custodians, and on-ramp providers operate.
---
Japan's Move Is the Global Tell
If you want to see where this enforcement trend leads in practical terms, look at Japan. Four government agencies — including the Financial Services Agency — jointly warned the real estate and crypto sectors this week to tighten AML checks on property deals involving digital assets.
This is specific and telling. Crypto-funded real estate transactions are a known money-laundering vector globally. Property deals can be structured to obscure the source of funds, and when crypto is the funding mechanism, traditional bank compliance screens don't apply. Japan's move effectively signals that any sector where crypto intersects with high-value, illiquid assets is now under scrutiny.
The practical upshot for Japanese crypto firms: when a client wants to use digital assets in a real estate transaction, the verification requirements are about to get meaningfully more burdensome. KYC won't be enough — firms will likely need to trace fund provenance back through the blockchain, document the chain of custody, and flag unusual transaction patterns.
That model will spread. It already has equivalents across the EU under MiCA and AMLD frameworks.
---
What This Means If You Run a Crypto Business
The compliance implications are no longer theoretical. If your business touches customer funds in any capacity — an exchange, a wallet with fiat on-ramps, a crypto payments processor, a lending desk — you are operating in an environment where the AML enforcement risk now outweighs the securities risk.
A few specific pressure points to understand:
Transaction monitoring is table stakes, not a differentiator. Any crypto business without robust, documented transaction monitoring is one enforcement action away from a nine-figure fine. This means automated screening against sanctions lists, documented suspicious activity report (SAR) procedures, and clear escalation protocols.
Basel rules are changing the banking relationship. New Basel capital requirements for crypto-exposed institutions mean your banking partners are under more pressure to scrutinize their crypto clients. Expect more rigorous onboarding questionnaires, more frequent transaction reviews, and lower tolerance for ambiguous customer activity.
Mandatory audits are coming. The CertiK report notes that mandatory audit requirements are part of the new compliance landscape. Smart contract audits are already standard for DeFi protocols. AML audits — reviewed by third-party compliance specialists — are becoming a similar expectation for custodians and exchanges.
---
What This Means If You're an Individual User
This matters to retail users too, even if the fines land on businesses.
First, KYC requirements are intensifying. If you use a regulated exchange or on-ramp, expect the identity verification bar to get higher. Enhanced due diligence for large transactions, source-of-funds questions, and transaction monitoring flags are all becoming standard. This affects users who move large amounts between self-custody wallets and exchanges, because those movements can trigger AML screening even without any illegal activity.
Second, mixing services and privacy tools face increased scrutiny. The regulatory narrative around any tool that obscures transaction trails has hardened. Using a coin mixer or certain privacy-preserving protocols may trigger AML flags on compliant exchanges even if your underlying activity is entirely legitimate. Know your exchange's policies before moving funds that have touched these tools.
Third, crypto-funded real estate and high-value purchases are now a monitored category. If you're using digital assets to fund a property purchase, a business acquisition, or another large-value transaction, expect documentation requirements equivalent to what banks apply in traditional finance. The source of funds question — where did this crypto come from — is no longer just a question; it's a compliance requirement.
---
The Bigger Picture
The CertiK report and Japan's regulatory action this week are part of the same arc. Governments are not stepping back from crypto. They're finding more effective enforcement tools and applying them with increasing sophistication. Securities law was a messy fit for many crypto use cases. AML law is not — it applies broadly, penalizes harshly, and doesn't require proving intent in the same way a securities fraud case does.
For the industry, this is actually clarifying in one sense. The rules for operating a compliant crypto business are becoming more like the rules for operating any other financial business — burdensome, but legible. The worst regulatory environment is ambiguous enforcement. An environment where the rules are strict but explicit is one where you can build.
The challenge is that compliance costs are substantial. Smaller exchanges, emerging markets fintechs, and early-stage DeFi protocols don't have the resources that large custodians and established exchanges bring to compliance infrastructure. That gap will drive consolidation and, in some cases, push activity toward less regulated venues — which is exactly what AML enforcement is trying to prevent.
The transition is messy. But the direction is clear: AML compliance is now the foundational legal obligation for anyone operating in crypto, not a secondary concern behind securities law. Build your compliance stack accordingly, or plan to get out of the way of those who have.
---