For years, the working assumption inside crypto was that the SEC was the monster under the bed. Watch for securities violations, stay clear of tokens that look like unregistered offerings, and you'd probably survive. That framework is now outdated.
A new report from CertiK shows that U.S. anti-money laundering fines hit $1.06 billion in just the first half of 2025, eclipsing SEC penalties as the dominant enforcement threat facing digital asset firms. That shift didn't happen overnight, but the speed at which it has consolidated into the industry's primary legal exposure is striking — and the regulatory infrastructure tightening around it is only getting more complex.
What Changed and Why
The SEC's crypto enforcement posture has softened meaningfully in recent months. The DOJ is also reportedly recalibrating its crypto enforcement approach. But the agencies responsible for financial crime — Treasury's FinCEN, the DOJ's money laundering units, and international counterparts — haven't softened at all.
AML violations are structurally different from securities cases. Securities enforcement is largely about disclosure, registration, and whether a token constitutes an investment contract. AML violations cut deeper: they concern whether a firm has adequate know-your-customer procedures, transaction monitoring systems, suspicious activity reporting, and record-keeping that meets federal standards. These are table-stakes obligations for any institution handling money, and crypto firms have historically run behind the curve on all of them.
The CertiK data covers only the first six months of 2025. Extrapolated across a full year, and layered onto new compliance obligations coming online, the trajectory points toward AML becoming the defining legal cost center for the industry heading into 2027.
Basel Rules and Mandatory Audits Are the Next Wave
Beyond the fine totals, the structural framework is also changing. New Basel Committee banking rules are tightening how banks and financial institutions calculate capital requirements when holding or exposing themselves to crypto assets. This creates a compliance ripple effect: any crypto firm that touches institutional capital — through custody, lending, or settlement — now faces its counterparties operating under stricter risk frameworks.
At the same time, mandatory audit requirements are expanding for crypto firms. That means independent third-party verification of reserves, transaction flows, and internal controls — a significant operational lift for platforms that have previously relied on voluntary or self-reported disclosure.
Together, Basel and mandatory audits raise the cost of doing business in crypto in ways that are fundamentally different from litigation risk. You can't settle your way out of insufficient internal controls. You have to build them.
Japan Just Made It More Global
The same day the CertiK AML report circulated, Japan's Financial Services Agency and three other government ministries issued a formal warning to both crypto firms and real estate companies about money-laundering risks in property transactions involving digital assets.
The Japanese government's concern is specific and practical: crypto-funded real estate deals can obscure where money came from and who is actually buying. Four agencies coordinating a joint directive to two different industry sectors is not a routine compliance reminder — it signals that regulators are connecting the dots between crypto liquidity and hard-asset markets in ways they weren't before.
This matters globally because Japan has historically been one of the more structured and early-mover crypto jurisdictions. When the FSA moves, it often signals where other regulators are heading.
Riot's Balance Sheet Illustrates the Pressure
Separately, Riot Platforms extended its $200 million credit facility with Coinbase this week. Read in isolation, that looks like routine treasury management. Read in the context of a crypto market where Bitcoin is trading around $76,000 and mining economics are compressed, it suggests that major miners are maintaining access to liquidity they may need to draw on.
Miners sitting on large BTC holdings under credit facility agreements are more likely to sell into weakness to service obligations — creating incremental downward pressure on prices at exactly the moments when prices are already under stress. It's not panic selling; it's structured selling. But the effect on order flow is similar, and it's worth watching as a market dynamic.
The broader point: the firms most exposed to crypto's operational risks — exchanges, miners, custodians — are the ones now facing the steepest compliance build-out costs. The combination of balance sheet pressure and rising AML compliance overhead creates a margin squeeze that smaller operators are poorly positioned to absorb.
What the AML Shift Means for Readers
If you're an individual holder of crypto assets, none of this affects you directly in the near term. But it does affect the platforms you use.
Exchanges and custodians that lag on AML infrastructure are facing either regulatory action or a forced compliance build-out that will cost real money. In the short run, some of that cost gets passed to users through higher fees, tighter account verification requirements, or more aggressive transaction monitoring that flags ordinary activity as suspicious.
More practically: if a platform you use gets hit with a major AML fine, the business disruption is real. Regulatory consent decrees often come with operational restrictions. Platforms that are already behind on compliance are the ones most likely to hit these walls.
The question to ask about any exchange or custodian you're using isn't whether they have a good interface or low fees. It's whether they've actually built the compliance infrastructure that the current regulatory environment demands.
What to Watch Next
Three things worth tracking over the next 90 days:
FinCEN rulemaking. Treasury's financial intelligence unit has signaled continued attention to crypto's role in illicit finance. Any new proposed rules on reporting thresholds or transaction monitoring requirements will land on top of the Basel and audit obligations already in motion.
Polymarket's CFTC talks. Separate from AML, Polymarket is reportedly in active discussions with the CFTC about reopening its primary exchange to U.S. traders. If approved, that would set a precedent for how prediction markets get classified and regulated under federal oversight — and potentially model a path for other crypto platforms seeking to operate in the U.S. under a formal regulatory umbrella rather than around one.
Mining sector liquidity. If Bitcoin stays soft, watch for increased selling pressure from miners managing credit obligations. That's not a prediction — it's a structural dynamic to understand before it shows up in price action.
The SEC era of crypto regulation isn't over, but it's no longer the primary axis of legal risk. AML is. Firms that recognize this first will spend less money learning it the hard way.
---