Beosin x ACAMS x ABCP: 2025 Virtual Asset Anti-Money Laundering Compliance Annual Report

*This report is jointly produced by Beosin, ACAMS, and ABCP

Foreword

2025 was a pivotal year for the establishment of the global virtual asset regulatory landscape and a year of challenges for anti-money laundering (AML) compliance. From the implementation of the US GENIUS Act and the full enforcement of the EU's MiCA to the legislative passage of Hong Kong's Stablecoin Ordinance and the advancement of the ASPIRe roadmap, major jurisdictions worldwide accelerated the construction of systematic and multi-dimensional regulatory frameworks. Simultaneously, virtual asset crimes exhibited characteristics of cross-border operations, organizational sophistication, and technological complexity, posing severe challenges to traditional AML systems.

This report, initiated by Beosin and co-authored with the Association of Certified Anti-Money Laundering Specialists (ACAMS) and the Association of Blockchain Compliance Professionals (ABCP), is grounded in the 2025 global dynamics of virtual asset AML and regulation. It systematically reviews the regulatory trends in key countries and regions, provides an in-depth analysis of virtual asset crime characteristics and money laundering techniques, and focuses on emerging technological trends such as the x402 payment protocol, stablecoin-dedicated chains, and prediction markets. The report strives to present an annual observation of depth and reference value from an objective and professional perspective for industry practitioners, regulators, and researchers.

1. Analysis of Global Virtual Asset AML and Regulatory Trends

2025 is regarded as a watershed in the history of global virtual asset regulation. If the previous decade was an "observation period" and "trial-and-error period" for regulators worldwide regarding this emerging asset class, then 2025 marks the formal "rights confirmation" and "systematization" of the global regulatory framework. As blockchain technology becomes deeply embedded in global financial infrastructure, governments are no longer viewing virtual assets solely from the single dimension of AML/CFT but are recognizing them as a core component of the future digital economy. Consequently, they are building multi-dimensional governance systems encompassing prudential supervision, market conduct, investor protection, and systemic risk prevention.

The regulatory focus this year reflects a profound paradigm shift: regulators are moving from passively responding to market innovation to proactively setting technical standards and market access rules through legislation. Particularly represented by the enactment of the US GENIUS Act, the full implementation of the EU's Markets in Crypto-Assets Regulation (MiCA), and the legislative passage of Hong Kong's Stablecoin Ordinance alongside the advancement of the "ASPIRe" strategic roadmap, the world's major financial centers have largely completed the top-level design loop. This trend from "vague exploration" to "rule formation" not only clears legal obstacles for the large-scale entry of traditional financial institutions (TradFi) but also presents unprecedented challenges to the compliance survival capabilities of native crypto enterprises.

The deeper logic lies in the fact that the tightening and clarification of regulation actually paves the way for the "de-criminalization" and "financial instrument-ization" of virtual assets, which is positive for the industry's long-term healthy development. As regulatory frameworks improve, regulatory arbitrage opportunities are effectively compressed, pushing illegal funds further away from compliant markets and driving the overall ecosystem towards greater standardization and transparency. The increasingly clear boundary between compliant markets and illegal activities not only boosts market participant confidence but also lays the foundation for the integration of virtual assets into the mainstream financial system.

1.1 2025 Virtual Asset Regulatory Trends in Major Countries and Regions 

1.1.1 United States 

Regulatory Trend: In July 2025, the United States formally passed the GENIUS Act, establishing a regulatory framework for payment stablecoins. This marks the first time the US has legislatively recognized and regulated stablecoins at the federal level:

● Clarifies that stablecoins are neither securities nor commodities; 

● Issuers must hold 1:1 reserves (cash or US Treasury bills with maturities within 93 days); 

● Establishes a "Stablecoin Certification Review Board" and restricts tech giants (e.g., Meta, Apple) from issuing stablecoins; 

● Strengthens KYC, AML, and consumer protection; 

● Foreign issuers (e.g., Tether) must register in the US or face market exclusion. 

Learning from the painful lessons of the Terra/Luna collapse and FTX's misappropriation of user funds, the GENIUS Act sets near-stringent standards for reserve asset management. The Act mandates that issuers must hold 1:1 reserve assets, with eligible assets limited to cash or US Treasury Bills with maturities within 93 days. This rule excludes high-risk assets like commercial paper and corporate bonds, ensuring high liquidity and safety for the underlying assets of stablecoins.

A more critical institutional innovation lies in bankruptcy isolation and priority claim rights. The Act modifies the application logic of bankruptcy law, explicitly stating that in the event of issuer bankruptcy or insolvency, stablecoin holders have "First Priority" claim to the reserve assets, superior to the issuer's other general unsecured creditors. This clause fundamentally addresses the risk of user funds becoming "unsecured claims" under the law, significantly boosting institutional investor confidence in using stablecoins for large-scale settlements. This legal certainty is a prerequisite for traditional financial institutions to dare to incorporate stablecoins into their core business and also lays a foundation of legal trust for emerging technology applications like the "x402 payment protocol" mentioned in later chapters.

Currently, the US virtual asset industry is regulated by multiple agencies collaboratively: the Securities and Exchange Commission (SEC) oversees virtual currencies with security attributes; the Commodity Futures Trading Commission (CFTC) regulates virtual currency futures contract trading; the Office of the Comptroller of the Currency (OCC) supervises stablecoin issuance, custody, and payments; and the Financial Crimes Enforcement Network (FinCEN) combats money laundering and other illegal activities. 

While establishing strict standards, regulators are also loosening restrictions for traditional financial institutions. The Federal Reserve revoked previous restrictions on banks engaging in crypto business, allowing banks to decide for themselves whether to offer crypto asset custody, payment, and issuance services, provided they establish a sound Risk Management system. In December 2025, the Federal Deposit Insurance Corporation (FDIC) further approved a proposal to implement the GENIUS Act application process, clarifying specific procedures for bank subsidiaries to apply for stablecoin issuance. However, due to concerns about anti-trust and data privacy, the Act established the "Stablecoin Certification Review Board" and imposed additional restrictions on large tech companies (e.g., Meta, Apple) issuing stablecoins. This differential treatment reflects regulators' vigilance against the "commercial data + financial monopoly" model, aiming to prevent tech giants from forming a closed-loop ecosystem of supra-sovereign currency using their vast user networks.

1.1.2 Hong Kong

Regulatory Trend: In February 2025, the Hong Kong Securities and Futures Commission (SFC) released the forward-looking "ASPIRe" regulatory roadmap, aiming to comprehensively reshape Hong Kong's virtual asset financial ecosystem through five pillars.

● Access: Simplify market entry through regulatory clarity. The focus for 2025 is to fill regulatory gaps for over-the-counter (OTC) trading and custody services, establishing a licensing system to allow compliant institutions smoother market access while excluding illegal OTC from the formal financial system.

● Safeguards: Optimize compliance burdens. Regulators acknowledge that past "one-size-fits-all" rules (e.g., extremely high cold wallet storage ratios) may have suppressed operational efficiency, thus shifting towards a "Risk-Based" regulatory approach, exploring adjustments to custody technical standards and storage ratios based on technological advancements.

● Products: Enrich product offerings. The SFC explicitly stated it will expand the range of tradable assets and services based on investor categories (retail vs. professional), breaking the previous limitation to only a few mainstream cryptocurrencies.

● Infrastructure: Modernize regulatory infrastructure. Utilize RegTech to enhance reporting and monitoring efficiency, strengthen cross-departmental intelligence sharing between the SFC, Hong Kong Monetary Authority (HKMA), and the Police Force to tackle increasingly complex on-chain crimes.

● Relationships: Strengthen ecosystem connections. Enhance cooperation with global regulators, promote cross-border law enforcement assistance, and rebuild market confidence through investor education.

In May 2025, the Hong Kong Legislative Council reviewed and passed the Stablecoin Ordinance, which officially took effect in August 2025. Thus, Hong Kong became one of the few jurisdictions in Asia to achieve institutionalized regulatory implementation for stablecoins:

*Details on the interpretation of the Stablecoin Ordinance can be viewed in the full version.

Addressing the issue exposed in the JPEX case where unlicensed OTC entities (e.g., street money changers) became entry points for fraudulent funds, the Hong Kong government completed a consultation on the licensing system for OTC and custodians in June 2025 and initiated legislative procedures in the second half of the year.

● OTC Regulation: Overseen by the SFC, focusing on combating money laundering risks, requiring OTC merchants to conduct strict customer real-name registration and transaction limit management. This measure directly targets the path used by "black and gray industry guarantee platforms" described in Chapter 2 of this report to launder cash through offline OTC.

● Custody Regulation: The SFC will establish a dedicated custody license (Type 13 RA), bringing independent custodians into the regulatory system. This ends the previous situation where only VATP affiliates could provide compliant custody, allowing professional third-party custodians (e.g., banks, trust companies) to be independently licensed and provide safer asset custody services to the market.

The improvement of the virtual asset regulatory system provided solid support for law enforcement practices. In August 2024, the Organized Crime and Triad Bureau (OCTB) of the Hong Kong Police Force issued a formal letter of appreciation to a cryptocurrency exchange, commending the exchange's investigation team for its contribution to a major kidnapping case. The letter, personally signed by OCTB Senior Superintendent Ouyang Zhaogang, specifically named and thanked an investigator on the exchange's team, who recently also joined ABCP as an executive committee member. In the letter, Hong Kong police thanked the investigator for helping them successfully identify suspects from the criminal group, thereby advancing the case investigation.

The exchange, through intelligence analysis by its Financial Crime Compliance (FCC) team, provided key leads to assist police in tracking suspects. This case shows that criminals may use cryptocurrency as a fund transfer tool in different types of criminal activities, such as laundering ransom after kidnapping or cross-border fund flows. However, with expertise in blockchain analysis and professional investigation techniques, private analysis firms and law enforcement agencies can effectively trace on-chain fund flows, identify abnormal patterns, and pinpoint suspects, thereby significantly improving investigation efficiency. This letter of appreciation not only highlights the effectiveness of public-private cooperation in combating emerging tech crimes but also serves as a positive example for blockchain analysis and intelligence companies like Beosin, ABCP, and compliance organizations in promoting industry interaction with law enforcement, proving that professional blockchain investigation capabilities can play a key role in diverse crime scenarios.

1.1.3 European Union 

Regulatory Trend: Although some provisions of the Markets in Crypto-Assets Regulation (MiCA) took effect in 2024, it was not until December 30, 2024, that the regulation was fully applicable across all 27 EU member states and 3 European Economic Area countries, achieving unified regulatory rules.

MiCA categorizes stablecoins into Electronic Money Tokens (EMT) and Asset-Referenced Tokens (ART). EMTs maintain their value by referencing a single official currency (i.e., fiat-backed stablecoins), while ARTs stabilize their value by referencing a basket of various values or rights. MiCA stipulates that issuers of EMTs must be EU-authorized credit institutions (i.e., banks) or Electronic Money Institutions (EMIs). This means tokens from issuers not holding an EU EMI license cannot be listed for trading on exchanges within the EU. This provision dealt a devastating blow to Tether (USDT). As Tether failed to apply for or obtain an EU license, major exchanges like Coinbase, OKX, and Bitstamp successively announced the delisting of USDT for European users from late 2024 to early 2025.

● Requires stablecoin issuers to publish a whitepaper detailing issuer information, token characteristics, attached rights and obligations, underlying technology, risk factors, and asset reserves; 

● Any marketing communication related to stablecoin trading must be clear, unambiguous, and avoid sensational statements, controlling hype risks at the source; 

● Issuers must ensure 100% backing by underlying reserve assets and report regularly to guarantee stablecoin value stability; 

● Daily trading volume for a single ART or EMT must not exceed 5 million euros; when the market value of an ART or EMT exceeds 500 million euros, the issuer must report to regulators and take additional compliance measures; 

● When the usage of an ART within a single currency area exceeds 1 million transactions or a transaction value of 200 million euros (quarterly average), the issuance of that ART must cease; 

● Only euro-denominated stablecoins can be used for daily goods and service payments, limiting the usage proportion of non-euro stablecoins within the EU. 

According to Decta's "2025 Euro Stablecoin Trends Report," in the 12 months following MiCA's implementation, the market capitalization of major euro stablecoins grew by 102%, completely reversing the decline from the previous year:  

● EURC (Circle): As the euro stablecoin issued by Circle, its trading volume grew an astonishing 1139% after MiCA implementation, and it captured over 50% market share in circulation, becoming the de facto dominant euro stablecoin. 

● EURS (Stasis): As a veteran euro stablecoin, its market cap surged from $38 million to $283 million, a growth rate exceeding 600%.  

● EURCV (Société Générale - Forge): Issued by a subsidiary of French bank Société Générale, EURCV represents the attempt of traditional banks to enter this field. Its trading volume grew by 343%, and although starting from a small base, its symbolic significance is substantial—bank-issued stablecoins are beginning to gain liquidity in the DeFi space.

Furthermore, on January 17, 2025, the Digital Operational Resilience Act (DORA) officially took effect. Although DORA is not exclusively for the crypto industry but covers all financial institutions, its impact on crypto firms is particularly profound.

● Core Requirement: DORA requires financial entities to establish extremely high-standard IT security systems to withstand cyber-attacks and technical failures. It grants regulators the power to directly review critical ICT third-party service providers (e.g., cloud service providers, node service providers).

● Industry Impact: This means crypto exchanges and custodians are not only responsible for their own systems but also for the stability of the on-chain infrastructure they rely on (e.g., oracles, node networks). This forms a regulatory echo with the "prediction market oracle manipulation risk" mentioned in Chapter 4 of this report—regulators are beginning to focus on single points of failure in decentralized infrastructure.

Additionally, the newly established European Anti-Money Laundering Authority (AMLA) began operations in 2025, directly supervising high-risk CASPs, with particular emphasis on monitoring cross-border transactions and privacy coins, aligning with the global trend of combating crypto money laundering.

*Interpretations of regulatory trends in more countries and regions can be viewed in the full version of the annual report.

II Global Virtual Asset Crime Landscape

In 2025, the rapid expansion and technological innovation of the virtual currency ecosystem also led to a comprehensive upgrade in criminal methods. From on-chain attacks and cross-chain money laundering to generative AI scam scenarios and darknet fast payment scenarios, virtual currency crimes became more prominent in terms of concealment, intelligence, and cross-border nature. 

Transnational criminal groups experienced rapid expansion in organizational scale, business chains, and modus operandi, with their cross-border coordination capabilities and risk spillover capabilities showing unprecedented growth. From precise scams in the early stage, technical attacks in the middle stage, to proceeds laundering in the later stage, each link is handled by professional teams, constructing a cross-border collaborative organizational system through encrypted communication tools and offshore company networks, forming a closed-loop model of "headquarters command + regional execution + global money laundering." 

The Bybit exchange theft incident in February 2025 became a landmark event for large-scale operations by transnational criminal groups. Furthermore, the exposure of the Southeast Asian Prince Group Chen Zhi case in the fourth quarter further revealed the "industry coverage + global money laundering" characteristics of such criminal networks. This "corporate-style criminal ecosystem" poses significant challenges to traditional judicial cooperation and regulatory mechanisms in terms of response speed and technical capability. 

2.1 Guarantee Platforms Become Primary Channel for Black/Gray Industry Connections 

In black/gray industry trading scenarios, the lack of mutual trust between trading parties is one of the core pain points, directly giving rise to the emergence of "guarantee" as an intermediary role. Such guarantee platforms are essentially trading models involving third-party guarantors (including individuals, smart programs, or service agencies). Their core function is to assume intermediary guarantee responsibilities throughout the entire transaction process, establishing trust endorsement for both parties and thereby facilitating deal closure. 

As a new type of black/gray industry matching platform, guarantee platforms have seen exponential growth in user base and capital scale in recent years. Beosin statistics show that as of December 15, 2025, the cumulative number of users on mainstream guarantee platforms exceeded 549,400, with over 2.54 million guarantee transactions and a total transaction volume exceeding 15 billion USDT. Among these, in 2025 alone, mainstream guarantee platforms saw over