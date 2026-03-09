Homepage > News > Finance > FATF warns stablecoin P2P transfer risks, urges global rules

The Financial Action Task Force (FATF) warned of illicit finance risks linked to stablecoins, particularly through peer-to-peer (P2P) transactions via unhosted wallets, as these often occur without a regulated intermediary.

The FATF, an independent inter-governmental body that develops policies to protect the global financial system, recently published its “Targeted Report on Stablecoins and Unhosted Wallets,” in which it highlighted how many of the core features of stablecoins that support legitimate use and have led to the success of the asset class, such as price stability, liquidity, and interoperability, also make them attractive for criminal misuse.

As noted in the FATF report, stablecoins have expanded exponentially over the past few years, growing from a relatively niche $30 billion global market in 2020 to over 250 in circulation by mid-2025 and a market capitalization exceeding $390 billion by the end of the year.

Unfortunately, this boom time has drawn the attention of those seeking to exploit stablecoins’ unique features—pseudoanonymity, inconsistent regulatory oversight, and fast, borderless transfers—for criminal purposes.

“This includes by money launderers, and terrorist financiers, as well as by state-linked cybercriminal groups, including from the DPRK [North Korea],” the report said.

North Korean hacking efforts have made numerous headlines over the past few years, accounting for several of the largest crypto-sector thefts on record, not least the February 2025 Bybit hack, which saw over $1.4 billion worth of Ethereum stolen.

Another major concern highlighted by FATF was the hot button issue of criminals and sanctioned states adopting stablecoins as a preferred method for laundering proceeds from ransomware, phishing, and other cyber-enabled crimes, including “Iranian actors leveraging stablecoins to finance proliferation.”

Iran, as one of the most heavily sanctioned countries in the world for almost half a century, has increasingly sought to utilize the digital asset sector to circumvent its enforced economic isolation.

A recent report from blockchain analytics firm Chainalysis revealed the extent of the Iranian sanctions evasion efforts via the blockchain space, noting how the Islamic Revolutionary Guard Corps (IRGC)—the Iranian security forces—has “extensively leveraged digital assets to finance its malign activities” both domestically and through its network of proxies across the Middle East.

An example of the breadth of the IRGC’s digital currency operations was seen earlier in January when The Washington Post reported that the Iranian security agency had utilized two digital asset exchanges registered in the United Kingdom to transfer approximately $1 billion since 2023, evading international sanctions.

The FATF report quoted another concerning Chainalysis finding that indicated that stablecoins accounted for 84% of illicit virtual asset transaction volume in 2025, “often involving unhosted wallets and complex laundering techniques designed to obscure fund origins.”

According to the FATF, the specific vulnerabilities of stablecoins revolve around P2P transactions via unhosted wallets, which occur directly between individuals or entities without the involvement of a regulated intermediary, such as a Virtual Asset Service Provider (VASP) or financial institution.

Furthermore, it suggested that stablecoin issuers may face difficulties in controlling cross-chain activities, "which may therefore fall outside counter-illicit finance controls." When it comes to addressing these concerns, the FATF also lamented that only a limited number of jurisdictions have implemented targeted regulatory frameworks that account for the distinct characteristics of stablecoins.

Thus, the report also urged countries “to recognise the specific money laundering, terrorist financing and proliferation financing risks associated with stablecoins and to implement proportionate and effective mitigating measures that reflect their distinct characteristics.”

Recommendations

In this vein, the FATF offered several risk mitigation measures that it would like to see implemented globally.

First was that all 38 FATF members and 20 additional jurisdictions with “materially important VASP activity” should fully implement Recommendations 15 and 16 of the FATF Standards. These recommendations established anti-money laundering and counter the financing of terrorism (AML/CFT) rules addressing virtual assets and VASPs directly, including customer due diligence and “travel rule” obligations.

They aim to “ensure that stablecoin issuers, intermediary VASPs, financial institutions and other relevant participants in stablecoin arrangements” are subject to clear AML/CFT obligations.

However, the recommendations require adoption into national legislation, which many jurisdictions have been slow to adopt. A FATF report in 2023 revealed that 75% of assessed jurisdictions either demonstrated only partial compliance or were non-compliant.

Over the past year, progress has been made in this regard, particularly as countries have gotten on board with Recommendation 16—the so-called “Crypto Travel Rule“—which encourages cooperation and information exchange between nations and specifically targets issues related to fund transfers. For example, it requires VASPs to obtain, hold, and transmit specific originator and beneficiary information immediately and securely when transferring digital assets.

According to an FATF update from June 2025, 99 jurisdictions have now passed or are in the process of passing legislation implementing the Travel Rule.

Beyond recommendations 15 and 16, the FATF’s latest report also suggested some “good practices for jurisdictions and the private sector” to mitigate the misuse of stablecoins.

These included requiring stablecoin issuers to adopt risk‑based technical and governance controls, such as the ability to freeze stablecoins in the secondary market and conduct customer due diligence at redemption; developing strong technical capabilities within supervisory and law enforcement authorities, including expertise in smart contract functionalities and monitoring risks from P2P transactions via unhosted wallets; ensuring competent authorities have the legal frameworks necessary for swift domestic and international cooperation; and establishing public‑private partnerships to strengthen cooperation on typologies, risk indicators, and emerging threats.

Despite this progress, the FATF reiterated that “a relatively small number of jurisdictions have implemented regulation for stablecoins that explicitly takes into account their characteristics that differ from other virtual assets.”

It added that “it is critical that jurisdictions place AML/CFT obligations on VASPs in the stablecoin ecosystem, including stablecoin issuers and intermediary VASPs.”

