More value now courses through stablecoins and other crypto rails than most policy conversations acknowledge: the IMF’s 2025 analysis maps roughly $2 trillion in cross-border stablecoin flows in 2024, concentrated in North America and the Asia-Pacific, and significant relative to GDP in emerging regions. Meanwhile, FATF reports that a third of surveyed jurisdictions still lacked full Travel Rule legislation as of mid-2024, and even among adopters, supervision and enforcement lag. Layer onto that Chainalysis’s estimate of about $40.9 billion received by known illicit crypto addresses in 2024—likely a lower bound—and a mid-2025 update suggesting inflows could match or exceed last year’s total. The headline isn’t “crypto bad” or “crypto free.” It’s that scale without layered guardrails is a safety failure waiting to happen. If token economies are to deliver on their efficiency promise, their architecture must embed prevention—not just traceability—at the points where crypto meets real-world money.

From ‘Freedom’ to ‘Failure-Tolerance’: Reframing the Token Debate

The familiar framing treats crypto’s value proposition as liberation from centralized control, as if removing the center automatically raises efficiency. But the historic role of central institutions in payments was not because private actors couldn’t move money; it was because the system required reliable safety properties—embedded checks, dispute resolution, and capital/behavior constraints—that prevented catastrophic loss from one actor’s gamble. Blockchains offer auditability but not, by themselves, prevention. The right question, then, is not how little regulation we can get away with, but how to engineer failure-tolerance—a layered system in which rogue behaviors are made complex to execute and easy to interrupt. That requires moving beyond ex post tracing toward ex ante design: programmable controls at off-ramps, provenance-aware risk scoring, stablecoin reserve supervision, and consistent cross-border identity data when funds travel. In this reframing, “freedom” is preserved because safety is predictable, not because oversight is absent.

Where Monitoring Breaks: Gaps that Criminals Exploit

Two structural weaknesses drive most leakage. First, identity portability is inconsistent: even where the Travel Rule is on the books, implementation is spotty and enforcement uneven, leaving room for cross-jurisdictional hopscotch. Second, obfuscation tooling has evolved—cross-chain swaps, sanctioned or weakly supervised exchanges, and privacy services—so funds can escape simplistic heuristics. The UK’s own experience shows how hard it is to police the perimeter. Despite expanded 2023 rules on financial promotions, regulators struggled through 2024 to remove non-compliant adverts at scale, while ramping up a dedicated crypto enforcement team only in 2025. The outcome is predictable: illicit actors adapt faster than fragmented oversight can respond. The lesson is not to outlaw everything, but to close the operational seams—standardized identity data in motion, risk-aware screening at conversion points, and supervisory visibility for reserves and flows that can trigger automatic containment when risk spikes.

A Unit-Level AML Score at the Off-Ramp

BIS researchers propose a practical pivot: compute an AML compliance score for each unit or balance—based on its on-chain provenance and statistical linkage to illicit activity—and require banks and regulated exchanges to reference that score at the moment of crypto-to-fiat conversion. Scores don’t criminalize tokens; they gate risk where it matters most: when value touches insured deposits or payment rails. This is prevention by interface. Methodologically, the score aggregates flagged exposure across transaction history, weights link distances and typologies (mixing, sanctioned VASP proximity, ransomware clusters), and applies declining relevance over time. In the absence of perfect information, thresholds and review flags can be tuned to minimize false positives while forcing deeper checks on ambiguous flows. Critically, this scheme doesn’t rely on any single analytics vendor. Supervisors can define minimum features, require model audits, and allow multiple providers to compete—raising accuracy and transparency over time.

Stablecoins as Supervised Gateways, Not Unwitting Bypasses

Because stablecoins dominate crypto’s settlement fabric, they are natural chokepoints for integrity. Two complementary layers matter. First, issuer-level reserve supervision ensures liabilities never outstrip assets—BIS’s Project Pyxtrial shows how supervisors could monitor backing in near-real-time, aligning stablecoin oversight with money-market-fund and e-money principles. Second, issuer controls—blocklisting, emergency freezes for sanctioned addresses, and automatic reaction to law-enforcement requests—can halt contagion without crashing entire markets. This already happens: both USDT and USDC have repeatedly frozen funds linked to sanctioned or criminal activity. At the same time, the EU’s MiCA regime brought stablecoin rules into force in 2024 with broader CASP obligations applying from late 2024 into 2025. The result is a blueprint: program compliance into the token’s life cycle and supervise the reserves with tools robust enough to discourage issuers from gaming disclosures. Freedom remains, but the easy path is lawful.

Supervisors with Better Tools, Not Louder Megaphones

Technology can scale oversight without suffocating innovation. Europe’s new AMLA—operational since July 1, 2025—was designed to coordinate national authorities, set convergent expectations, and directly supervise high-risk obliged entities, including parts of the crypto sector. On the data side, the FSB has emphasized the value of initiatives like BIS Project Atlas to reconcile divergent private and public measures of cross-border crypto activity and to fill reporting gaps that fragment policy responses. In practice, this means supervisors should move from ad hoc data pulls to standing data pipes: standardized provenance-risk metrics, exchange-level flow dashboards, and reserve telemetry for major stablecoins. With this backbone in place, alerts become actionable, enforcement can be targeted, and compliant firms gain clarity on how to invest in controls—precisely the predictability markets reward.

Design for Prevention: Frictions, Defaults, and Disclosures

Prevention is often about defaults. Under the UK regime, financial-promotion rules now reach crypto marketing, forcing risk warnings and banning “refer a friend” inducements. Still, disclosures work only when users read them and firms comply. A better design couples provenance-aware frictions—for example, additional delays or enhanced due diligence when an inbound transfer’s AML score exceeds a threshold—with intelligent disclosures keyed to the specific risk detected. Travel Rule data can do more than satisfy auditors: it can pre-populate risk cards for compliance staff and, when appropriate, surface plain-language alerts to users about the counterpart they are about to pay. Even simple transaction caps for first-time counterparties with low-confidence identity data reduce exposure without blocking legitimate use. Done well, these are not paternalistic obstacles but safety rails that speed legitimate flows by ensuring suspect flows are the ones that slow down.

Methodology: Estimates and Interpretations of the Evidence

Where sources disagree, I triangulate toward conservative orders of magnitude. For illicit volumes, Chainalysis provides a lower-bound view based on identified addresses; mid-year updates are treated as trend indicators rather than precise totals. For cross-border scale, I rely on the IMF’s 2025 working paper on stablecoin flows, which fuses on-chain and off-chain data with machine-learning to infer geography; I treat the $2 trillion figure as a gross-flow metric, not net settlement or “money supply.” For regulatory status, I privilege primary releases—FATF updates on Travel Rule adoption, EBA guidelines, ESMA statements on MiCA timings, FCA data and notices—over secondary summaries. Finally, where complex numbers are lacking—like the precise impact of AML scoring on false positives—I translate architecture into measurable operational targets (e.g., shares of inflows screened at off-ramp, average time-to-freeze for sanctioned flows) that regulators could adopt and firms can test.

Answering the Hard Objections: Privacy, Innovation, and Jurisdictional Drift

Three critiques deserve direct answers. First, privacy: provenance-aware scoring at off-ramps does not require panoptic identity on-chain; it relies on public transaction history plus Travel Rule identity exchanged between regulated entities, which can be safeguarded with encryption and access controls. Second, innovation: sanctions policy around mixers has evolved—Tornado Cash sanctions were lifted in March 2025, even as a U.S. criminal case against a developer proceeds—showing that enforcement can recalibrate without abandoning accountability. A design-centric regime lets compliant privacy tools flourish while making criminal obfuscation unprofitable. Third, jurisdictional drift: if one region tightens, won’t rogues move? Yes—and that’s why AMLA-style convergence and standards-driven data sharing matter. When off-ramps everywhere read from the same risk playbook, geography stops being a free pass, and compliant firms gain the competitive advantage of clarity.

From Ideology to Engineering

The stat that should shape the next five years is not the price of any coin. It is the combination of trillion-dollar stablecoin flows and inconsistent Travel Rule enforcement. That pairing invites exactly the kind of opportunistic abuse that turns public skepticism into policy whiplash. We don’t need to choose between “crypto freedom” and “central choke points.” We need safety-by-design that is layered where it counts: an AML compliance score that every off-ramp must consult; supervised, telemetry-rich stablecoin reserves; standardized cross-border identity data in motion; and supervisors equipped with live data pipes rather than press releases. This is the architecture of a token economy that prevents failure rather than narrates it after the fact. Build that, and the best version of the original dream—low-friction, programmable, globally interoperable money—survives precisely because the system is safe enough for ordinary people to trust.

The Economy Research Editorial

The Economy Research Editorial is located in the Gordon School of Business and Artificial Intelligence, Swiss Institute of Artificial Intelligence.

References

Aldasoro, I., Frost, J., Lim, S. H., Perez-Cruz, F., & Shin, H. S. (2025). An approach to anti-money laundering compliance for cryptoassets (BIS Bulletin No. 111). Bank for International Settlements. Retrieved August 2025.

Bank for International Settlements. (2025, June 24). The next-generation monetary and financial system (Annual Report 2024/25, Ch. 3). BIS.

Chainalysis. (2025, Jan 15). 2025 Crypto Crime Trends: Introduction. Chainalysis Blog.

Chainalysis. (2025, Jul 17). 2025 Crypto Crime Mid-Year Update. Chainalysis Blog.

European Banking Authority. (2024, July 4). The EBA issues ‘travel rule’ guidance to tackle money laundering and terrorist financing in transfers of funds and crypto assets [Press release], and Final Travel Rule Guidelines (PDF).

European Securities and Markets Authority. (2025, Jan 17). Public Statement on the provision of certain crypto-asset services and the application of MiCA Titles III and IV (stablecoins). ESMA.

Financial Action Task Force (FATF). (2024, Jul 9). Targeted Update on Implementation of the FATF Standards on Virtual Assets and VASPs. FATF-GAFI.

Financial Conduct Authority (UK). (2025, Feb 7). Financial promotions data 2024. FCA.

Financial Crimes Enforcement Network (U.S.). (2023, Oct). Proposal of Special Measure Regarding Convertible Virtual Currency Mixing (NPRM). FinCEN.

Financial Stability Board. (2024, Jul 23). Cross-border regulatory and supervisory issues of global stablecoins. FSB.

Global Investigations Review. (2023, Sept 13). AML compliance: Cryptocurrency and other virtual assets. GIR—The Guide to Anti-Money Laundering (First Edition).

International Monetary Fund. (2025, Jul 11). Reuter, M., et al., Decrypting Crypto: How to Estimate International Stablecoin Flows (Working Paper). IMF.

Reuters. (2024, Feb 22). EU’s new Anti-Money Laundering Authority to be based in Frankfurt. Reuters.

Reuters. (2025, Mar 21). U.S. scraps sanctions on Tornado Cash, crypto mixer accused of laundering North Korea money. Reuters.

UK Financial Conduct Authority. (2025, Aug). FCA adds crypto enforcement staff in bid to bring rogues to book. Financial News.

ESMA / European Commission. (2023–2025). Markets in Crypto-Assets Regulation (MiCA) – Implementing Measures and timeline. ESMA.