Over the past several years, stablecoins have become a cornerstone of the digital asset ecosystem. Whether facilitating liquidity on exchanges, powering decentralized finance (DeFi), or serving as a bridge between fiat and crypto markets, stablecoins are no longer a niche product—they are infrastructure.

At the same time, they have become a focal point for policymakers, regulators, and law enforcement—rightly so.

You’ve likely seen the statistic repeated in industry reports and media coverage: a significant share of illicit cryptocurrency activity—often cited at ~80–90% depending on methodology and timeframe—is associated with stablecoins. While the exact percentage can vary depending on the dataset and analytics provider, the directional takeaway is clear:

Stablecoins are disproportionately represented in illicit activity relative to their role in the broader ecosystem.

That reality has not gone unnoticed.

Between legislative efforts like the GENIUS Act, increased regulatory scrutiny, and enhanced blockchain analytics capabilities, stablecoins are firmly in the crosshairs.

But here’s the issue:
While there is no shortage of commentary highlighting the risks, there is a noticeable gap in actionable, operational compliance best practices for crypto companies.

“Screen better.”
“Enhance AML controls.”
“Monitor transactions more closely.”

Or, just as often, criticism and blame redirected at stablecoin issuers—thinly disguised as analysis:

“Be more cooperative with law enforcement.”
“Block illicit transactions.”

All true. All necessary.
But also—not nearly specific enough.

At BitAML, we’ve always taken a practical, risk-based approach. And in that spirit, this article focuses on what crypto companies should actually do to address AML risk associated with stablecoins—beyond the basics. (We’ll explore what stablecoin issuers should do in Part 2 of this short series.)

We also recognize that we don’t have a monopoly on good ideas. If you’ve authored or come across thoughtful, substantive work in this area, we welcome it. This is a rapidly evolving space, and the best outcomes will come from shared insight and collaboration.

Why Stablecoins Demand Priority in a Risk-Based AML Program

A foundational principle of any AML program is the risk-based approach. Resources should be allocated where risk is greatest.

Stablecoins present unique characteristics that elevate their risk profile:

1. Dollar-Denominated Familiarity

Stablecoins—particularly USD-pegged assets—remove volatility and create psychological and functional equivalence to fiat currency. This makes them more attractive for illicit actors seeking predictability.

2. Liquidity & Ubiquity

Stablecoins are widely accepted across exchanges, DeFi protocols, OTC desks, and cross-border transactions. Their interoperability makes them efficient vehicles for layering and movement of funds.

3. Speed & Finality

Transactions settle quickly, often irreversibly, and across jurisdictions—complicating recovery and enforcement efforts.

4. Integration with High-Risk Typologies

Stablecoins frequently intersect with:

• Fraud and scams (e.g., pig butchering schemes)
• Sanctions evasion
• OTC brokering and informal value transfer systems
• Cross-border capital controls evasion

The Industry Gap: Awareness vs. Execution

There is broad agreement on the following:

• Stablecoins carry elevated AML risk
• Regulatory scrutiny is increasing
• Controls must evolve accordingly

Where the industry falls short is in translating that awareness into granular, operational controls.

Let’s change that.

1. Recalibrate Transaction Monitoring: Stablecoins Are Not “Just Another Asset”

Too many monitoring systems treat stablecoins similarly to other crypto assets. That’s a mistake.

Stablecoins behave differently—and your controls should reflect that.

A. Implement More Conservative Thresholds

Because not all cryptocurrencies are created equal, neither is their risk profile. If stablecoins pose a (much higher level of risk, why wouldn’t we lower the dollar-denominated threshold and apply other more conservative thresholds than that of other coins. In fact, some crypto companies may already be applying more conservative thresholds to privacy coins. 

Practical steps:

• Lower alert thresholds for stablecoin transactions relative to other crypto assets
• Apply stricter rules for:
  • Volume (daily, monthly, etc.)
  • Transaction velocity (inflow/outflow cycles)
  • Deviation from anticipated or actual transaction activity

B. Monitor Volume, Velocity, and Behavioral Deviations

Stablecoin misuse often appears in patterns, not just single transactions.

Focus on:

• Rapid cycling of funds (in-and-out behavior)
• Sudden spikes in stablecoin usage vs. historical norms
• Inconsistencies with stated customer profile or expected activity

C. Combine Alerts—Don’t Treat Them in Isolation

One of the most overlooked opportunities in transaction monitoring is alert correlation.

For example:

• Stablecoin + high-risk jurisdiction exposure
• Stablecoin + interaction with newly created wallets
• Stablecoin + known scam typologies

Individually, these may not trigger escalation.
Together, they should.

Oh, and don’t forget to continue tuning those alert routines.

2. Enhance Customer Risk Profiling for Stablecoin Exposure

Stablecoin activity should influence customer risk ratings more directly.

A. Incorporate Stablecoin Usage into Risk Scoring

Customers heavily transacting in stablecoins—especially at scale—should receive:

• Higher inherent risk scores
• Increased monitoring frequency
• Lower thresholds for alerting

B. Identify High-Risk Stablecoin Use Cases

Not all stablecoin activity is equal. Focus on:

• High-frequency traders using stablecoins as settlement rails
• Cross-border payment flows lacking clear economic purpose
• Accounts interacting with OTC desks or liquidity providers

3. Expand Enhanced Due Diligence (EDD)—Especially for Institutional and OTC Activity

Enhanced Due Diligence is often where AML programs either succeed or fail.

Stablecoins raise the bar.

A. Deepen EDD for Business and Entity Customers

Particularly for:

• Crypto OTC desks
• Market makers
• Liquidity providers
• Payment intermediaries

EDD should include:

• Ownership and control structure analysis
• Source of funds and source of wealth validation
• Business model assessment (how stablecoins are used operationally)

B. Understand the OTC Desk Risk

The term “OTC desk” in crypto is often loosely defined.

It can range from:

• Fully compliant institutional trading desks
  to
• Informal brokers facilitating high-risk flows
• And other descriptors inbetween

Action item:
Do not rely on labels—verify substance.

C. Ongoing EDD, Not One-Time Reviews

Stablecoin exposure can change rapidly.
EDD should be:

• Periodically refreshed
• Event-driven (triggered by changes in activity patterns)

4. Enhance Your Coin Due Diligence Policy (Including Stablecoins)

Every crypto company should already have a coin/token due diligence policy in place.

This is often overlooked or treated as a checkbox exercise.

It shouldn’t be.

A. Go Beyond Listing Criteria

Your policy should evaluate:

• Stablecoin issuer structure and governance
• Reserve transparency (for fiat-backed stablecoins)
• Redemption mechanisms
• Jurisdictional exposure
• Historical misuse patterns

B. Define Coin-Specific Risk Ratings

Not all stablecoins carry the same risk.

For example:

• Widely regulated, transparent issuers vs. opaque alternatives
• Centralized vs. decentralized stablecoins
• Geographic and regulatory exposure

C. Align Controls to Coin Risk

This is critical.

Your policy should explicitly answer:

“What additional controls apply when customers transact in this specific digital asset?”

Examples:

• Lower monitoring thresholds
• Mandatory EDD triggers
• Restricted access for certain customer types

5. Integrate Blockchain Analytics More Intentionally

Most firms use blockchain analytics tools.
Fewer use them strategically.

A. Prioritize Stablecoin-Specific Risk Indicators

Focus on:

• Exposure to sanctioned entities
• Interaction with known scam wallets
• Links to high-risk services

B. Look Beyond Direct Exposure

Indirect exposure matters.

For example:

• Funds flowing through intermediary wallets
• Layering through multiple hops before reaching your platform

C. Calibrate Risk Scoring

Ensure your analytics provider’s risk scoring:

• Reflects stablecoin-specific typologies
• Is aligned with your internal risk appetite

6. Strengthen Controls Around Fiat On/Off Ramps

Stablecoins often act as a bridge between fiat and crypto.

This creates risk at entry and exit points.

A. Scrutinize Funding Sources

Pay close attention to:

• Bank wires and ACH transfers funding stablecoin purchases
• Third-party payment intermediaries

B. Monitor Redemption Behavior

Watch for:

• Rapid conversion from stablecoin to fiat
• Patterns consistent with layering or integration

7. Governance, Documentation, and Audit Readiness

Regulators are increasingly focused on how firms operationalize risk-based controls.

A. Document Your Stablecoin Risk Framework

Be prepared to explain:

• Why stablecoins are high risk
• How your controls address that risk
• How thresholds and monitoring differ from other assets

B. Align with Regulatory Expectations

Legislation like the GENIUS Act signals where things are headed:

• Greater oversight of issuers
• Increased expectations for transparency
• Potential downstream compliance obligations

C. Test and Validate Your Controls

This includes:

• Model validation for transaction monitoring
• Independent AML audits
• BSA/AML risk assessments
• Scenario testing for stablecoin typologies

8. Training: Make Stablecoin Risk Real for Your Team

Even the best controls fail without proper execution.

A. Train Analysts on Stablecoin Typologies

Ensure teams understand:

• How illicit actors use stablecoins
• What red flags look like in practice

B. Move Beyond Theory

Use:

• Real-world case studies
• Internal examples
• Hands-on alert review exercises

9. Collaboration & Information Sharing

No single firm has a complete view of risk.

A. Engage with Industry Groups

Collaboration across:

• Exchanges
• Industry trade associations
• Compliance firms
• Law enforcement

B. Share Insights

If you’ve developed effective controls or identified new typologies:

• Publish
• Present
• Contribute to the broader conversation

Final Thoughts: From Headlines to Execution

Stablecoins are not going away.

If anything, their role will continue to expand—particularly as regulatory frameworks evolve and institutional adoption grows.

The conversation around stablecoin risk is no longer about whether they pose AML challenges. That’s settled.

The real question is:

What are you doing about it—specifically?

A risk-based approach demands prioritization.
And today, that means giving stablecoins the attention—and controls—they warrant.

At BitAML, we believe the industry benefits from moving beyond high-level observations to practical implementation.

We also recognize that this is a shared effort.

If you’ve written or read thoughtful, substantive work on this topic, we encourage you to share it. The more we collectively refine our approaches, the stronger the ecosystem becomes.

Interested in strengthening your AML program for stablecoin risk?
BitAML works with crypto companies, financial institutions, and policymakers to design, test, and enhance compliance frameworks tailored to real-world risks.

Contact us at info@bitaml.com to learn more.