5 Steps to a Successful Crypto AML Program

As cryptocurrencies become increasingly mainstream, regulators, the media and policymakers are paying more attention to the financial crime risks associated with them. But what are the biggest compliance challenges crypto firms face, and what does a best practice AML program look like? 

We explore these topics in detail in our new, in-depth research report, which can be downloaded for free here. Below is a summary of our 5 step AML program: 

1. Establish A Comprehensive Risk Assessment

The risk assessment is an opportunity to identify the AML/CFT risks a crypto firm faces and design a plan that mitigates them. While the overarching considerations are similar to other financial institutions, there are nuances. These include:

  • Emphasizing proper onboarding processes
  • Tracing the flow of money
  • Anticipating regulators’ expectations
  • Undertaking a virtual asset risk assessment

In addition, firms must keep in mind that the risk assessment isn’t a one-and-done requirement, but rather should be viewed as a living document. Crypto firms should revisit the risk assessment regularly: at minimum, they should conduct a review annually.

2. Understand Key Typologies

Money mules, fraudulent accounts, identity theft and account takeover fraud, among others, are concerns shared by all financial institutions. Typologies may also vary in individual markets — some firms told us they will leverage FATF typologies where they’re entering new markets and don’t have historic customer data to work from. Overall, however, the firms we interviewed highlighted a number of typologies including layering, dusting, money mules, the laundering of NFTs, and payment for goods or services on darknet markets using cryptoassets. 

3. Hire the Right Personnel

Several of the crypto firms we interviewed mentioned their inclination to look to other firms in the sector for talent. After all, there is value in a deep understanding of the crypto space when evaluating the risk landscape and how to best adapt systems and processes to flag suspicious customers and transactions. However, many other firms we interviewed stressed that this may not always be the best approach. The dynamics and intricacies of cryptocurrencies and other virtual assets, while complicated, can be taught. 

Instead, those in the crypto space would do well to expand their talent pool and look for candidates with transferable or complementary skills and knowledge. A well-rounded team may include individuals with backgrounds in areas such as traditional finance, policy making/regulatory bodies and law enforcement. 

4. Invest in the Right Technology

For most firms, the time, energy and resources spent building AML/CFT compliance solutions would have been better spent elsewhere. After some trial and error, many firms choose to look externally for compliance tools, concluding that there are existing solutions that serve their needs or that can do so with a bit of tweaking.

Instead of trying to reinvent the wheel, crypto firms should look for solutions that help automate these compliance processes, including:

  • Onboarding and identity verification
  • Screening and monitoring
  • Transaction monitoring

5.  Manage Internal and External Stakeholders

The Executive Team and Board

It may be tempting to lean into the argument that not taking action on compliance will lead to negative consequences, including reputational damage and revocation of licenses. But that line of reasoning will only take compliance officers so far — and won’t enable productive conversations or foster a culture of compliance. Instead, education is crucial. The board and the executive team should come away from conversations about compliance with an understanding of not just what the regulations are but how working within them can benefit the company’s bottom line. 


A firm’s first contact with a regulator is typically regarding licensing requirements, and that can set the tone for the firm’s relationship with the regulator moving forward. To ensure the firm understands expectations around licensing and its compliance obligations, it should review consultations and guidance by local regulators and lawmakers. Above all, consistent, constructive communication with regulators is vital and mutually beneficial. 

To read our recommendations in full, download the full Guide to AML for Crypto Firms.

This post is commissioned by ComplyAdvantage and does not serve as a testimonial or endorsement by The Block. This post is for informational purposes only and should not be relied upon as a basis for investment, tax, legal or other advice. You should conduct your own research and consult independent counsel and advisors on the matters discussed within this post. Past performance of any asset is not indicative of future results.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.