The Financial Action Task Force (FATF) is calling on jurisdictions around the world to urgently strengthen their response to the illicit finance risks posed by virtual assets, as criminal exploitation of cryptocurrencies continues to grow and expand into sectors such as gaming.
In its latest report, the sixth targeted update on the global implementation of AML/CFT measures for virtual assets (VAs) and virtual asset service providers (VASPs), published in late June, the FATF highlights serious regulatory gaps that are leaving the financial system vulnerable.
The report evaluates jurisdictions’ alignment with Recommendation 15 and its Interpretative Note, which extend AML/CFT obligations to VAs and VASPs. Although 99 jurisdictions have either enacted or are in the process of enacting relevant legislation, the FATF stressed that much more needs to be done to ensure meaningful implementation and enforcement.
‘Jurisdictions continue to face difficulties in identifying natural or legal persons that conduct VASP activities,’ the FATF stated, noting that regulatory and supervisory systems are still inconsistent across borders.
Travel Rule enforcement remains incomplete
A key focus of the report is the implementation of the so-called ‘Travel Rule,’ a requirement for VASPs to collect and transmit originator and beneficiary information during virtual asset transfers. According to the FATF, 73 percent of jurisdictions surveyed (85 out of 117) have passed legislation implementing the Travel Rule, but most have not yet enforced it in practice.
While this marks progress from 2024, the FATF warned that the effectiveness of the Travel Rule depends on consistent and global application. Only a minority of jurisdictions have taken enforcement actions or issued directives related to compliance. Many are still developing supervisory frameworks or are in the early stages of engaging with the private sector to improve adherence.
To aid implementation, the FATF also released a new companion report offering best practices for Travel Rule supervision, aiming to assist authorities in designing effective regulatory structures.
Rising threats from stablecoins and large-scale hacks
The FATF report raises particular concern over the use of stablecoins—cryptocurrencies designed to maintain a fixed value—by criminal actors, including sanctioned states, terrorist financiers, and drug traffickers. Since 2024, the share of on-chain illicit activity involving stablecoins has surged, with the asset class becoming the preferred tool for obfuscating financial transactions.
One particularly alarming case cited involved North Korean-linked hackers stealing $1.46 billion from virtual asset service provider ByBit earlier this year. To date, only 3.8 percent of the stolen funds have been recovered—underscoring the urgent need for stronger asset recovery systems and greater international cooperation.
The global financial crime watchdog also noted that stablecoins’ features—such as speed, low cost, and high liquidity—make them appealing to both legitimate users and illicit actors alike. If mass adoption continues without proper oversight, these assets could significantly amplify global financial crime risks.
Illicit activity expands into gaming sector
The FATF has flagged an increasing connection between virtual assets and online gaming and gambling platforms, where cryptocurrencies are commonly used for payments, in-game purchases, and peer-to-peer transfers.
‘There continues to be a link between VAs and gambling and games of chance/skill, and the ML/TF risk posed by those business models and delivery channels, including risks derived from illegal operators,’ the report stated.
This convergence is creating new avenues for laundering funds and obscuring the origins of illicit gains. The FATF indicated that it will continue examining gaming-related risks as part of its broader efforts to address vulnerabilities across the virtual asset ecosystem.
Surge in crypto-related scams and fraud
Alongside hacks and terrorist financing, crypto-related fraud and scams have also spiked. The FATF cited industry estimates that place the value of illicit on-chain activity related to fraud and scams at $51 billion in 2024 alone.
These include a rise in sophisticated schemes such as ‘pig butchering’ investment scams, romance scams, and phishing attacks using deepfake technology and AI-generated content. The growing professionalization of fraudsters—many operating as part of global networks—has made detection and prevention increasingly difficult.
Global implementation still uneven
Despite some progress, FATF assessments show that only 29 percent of jurisdictions are ‘largely compliant’ with Recommendation 15, while 49 percent remain only ‘partially compliant,’ and 21 percent are not compliant at all. Just one jurisdiction is currently assessed as fully compliant.
Many governments still lack the tools, expertise, or political commitment to implement and enforce robust AML/CFT frameworks for VAs. The FATF emphasized that without full and consistent adherence to its standards, regulatory weaknesses in one country could expose the entire global financial system to exploitation.
