Insights
Regulatory analysis, compliance guides, and research reports for crypto compliance professionals.
From On-Chain Trigger to FIU SAR in 48 Hours
Once an analyst forms a suspicion, a clock starts — and the refrain-from-transaction duty freezes part of your business. The trigger-to-filing path hour by hour, why the on-chain investigation is the bottleneck, and what a SAR an FIU can actually action looks like.
MiCA in Practice
A five-part practical guide to MiCA compliance — from licensing to prudential requirements.
MiCA in Practice #1: Your CASP Licensing Roadmap
Step-by-step guide to obtaining a MiCA CASP licence — from mapping your services to the ten regulated categories, to preparing the NCA dossier and navigating the review process.
#2: Building Your AML/KYC Programme
How to design an AML/KYC programme that satisfies both MiCA and the new AMLR — covering business-wide risk assessment, wallet-level due diligence, and customer risk scoring.
#3: Transaction Monitoring & SAR
Practical guidance on designing monitoring rules, calibrating alert thresholds, building an investigation workflow, and filing SARs.
#4: Governance, Risk & Internal Controls
Board-level responsibilities under MiCA, the three-lines-of-defence model, risk management frameworks, and DORA ICT resilience.
#5: Asset Safeguarding & Capital Requirements
How CASPs must protect client funds and crypto-assets, minimum own-funds requirements by service class, and ongoing prudential obligations.
Tools for Compliance
Operational walkthroughs that map a specific obligation to the workflow that satisfies it — Travel Rule, sanctions screening, ongoing monitoring, KYT, DAC8, SAR.
Tools for Compliance #5: The DAC8 Reporting Workflow
DAC8 is an extraction obligation wearing a reporting deadline. The four CARF categories, valuation and reconciliation, and the field-by-field workflow to a defensible report.
Tools for Compliance #4: KYT for Stablecoin Issuers
Full visibility, zero gatekeeping — the four-tier rule set issuers run, the workflow behind every addBlackList call, and why a freeze is a compliance decision published on-chain.
Tools for Compliance #3: Ongoing Wallet Monitoring
The alert categories AMLR Art. 21 expects, the calibration questions NCAs probe, and how to keep the analyst queue a control instead of a graveyard.
Tools for Compliance #2: Real-Time Sanctions Screening
The 5 touchpoints where sanctions screening must fire, the indirect-exposure policy NCAs ask about, and a defensible hit-handling workflow.
Tools for Compliance #1: Travel Rule, End-to-End
The four-step Travel Rule workflow every CASP transfer goes through — counterparty classification, IVMS101 assembly, transmission, inbound reception — with the audit trail regulators inspect.
Briefings
Short, news-driven briefings on what's changing in EU and global crypto regulation — what to do about it, who's exposed, and where enforcement is heading.
Briefings #6: Garantex, Tornado Cash, Bitzlato
A sanctioned exchange came back under a new name, a sanctioned protocol came off the list, and one was killed by an agency that isn't OFAC. The pattern across three cases — and the screening programme it demands.
Briefings #5: DAC8 in Italy — The Roll-Out Timeline
D.Lgs. 194/2025 landed nine days before the obligations went live. First report due June 2027, but collection started 1 Jan 2026 and the cross-check wave lands with the new 33% rate.
Briefings #4: Stablecoin Freeze Mechanics
Tether and Circle can lock any wallet's stablecoins with one contract call. How the freeze works, the real timelines, the path back, and why freeze events are a pre-list risk feed.
Briefings #3: The Travel Rule Sunrise Issue
18 months into MiCA, fewer than half of cross-border VASP transfers can fully exchange Travel Rule data. The four failure modes, the three strategies CASPs are actually using, and what examiners ask when the transmission rate flatlines.
Briefings #2: MiCA Whitepaper Rejection Mistakes
Whitepapers aren't approved — they're notified. The seven mistakes that recur in BaFin, AMF, CSSF, and CONSOB public observations, and what a clean dossier looks like.
Briefings #1: What MiCA Bans Crypto Influencers From Doing
MiCA's marketing-communication rules in Art. 7, 27, and 53 reach finfluencers directly. The eight behaviours that are sanctionable in 2026, and where the EUR 700K personal fines land.
Crypto Enforcement Files
Forensic case studies of the actions that defined crypto compliance — what happened on-chain, how it was traced, and the lesson each one leaves.
Enforcement Files #1: Tornado Cash, Forensically
The first OFAC designation of autonomous code, the Fifth Circuit reversal, two developer prosecutions, and why mixer exposure is still a risk signal after the delisting.
#2: How Garantex Kept Operating for Three Years
A designation that did almost nothing, the stablecoin freeze that finally bit, and the Grinex successor — why you screen the cluster, not the SDN row.
#3: FTX — The $8B Safeguarding Failure
A hard-coded backdoor between customer deposits and a hedge fund, the forensic accounting that exposed it, and what MiCA Art. 70 now requires to prevent it.
#4: The $3.6B Bitfinex Hack, Traced
119,754 BTC stolen, six years of mixers and darknet markets, and the on-chain trail that ended in arrests — proof that laundering buys time, not escape.
AML Typologies for Crypto
The laundering techniques every monitoring programme has to recognise — how each one looks on-chain, and how it's detected.
AML Typologies #1: Peel Chains
The on-chain equivalent of skimming a cash stack — small peels to cash-out, large remainder forwarded, repeated. Invisible to single-hop screening, obvious to source-tracing.
#2: Cross-Chain Laundering
Bridge hopping doesn't lengthen the trail — it jumps it to a chain you aren't watching. Why single-chain screening has a hole the size of every other chain.
#3: Mixer & CoinJoin Analysis
Tumblers, smart-contract mixers, and CoinJoin enlarge the anonymity set — but timing, amounts, and reuse mistakes leave probabilistic signal. Treat exposure as risk, not a list question.
#4: NFT-Based Money Laundering
Wash trading manufactures value and history; an overpriced sale is a disguised payment. The art is subjective — the graph around the trade is not.
#5: DeFi Exploitation
Flash loans, rug pulls, and exit scams — where the theft and the first laundering hop happen in the same transactions, and how the proceeds are traced afterward.
Global Crypto Regulation Map
How the major jurisdictions are drawing their crypto rules — UK, Singapore, US, MENA, and APAC — and where a cross-border firm gets caught between them.
Regulation Map #1: UK FCA vs MiCA
MiCA is live and prescriptive; the UK's FSMA crypto regime is built and dated but not in force until Oct 2027. Where the post-Brexit regimes diverge — and what stays common.
#2: Singapore MAS vs EU MiCA
MAS extended a payments law where the EU wrote a bespoke code. The SCS stablecoin framework, the broad DTSP territorial reach, and where the two regimes rhyme.
#3: US Crypto Regulation 2026
Stablecoins settled (GENIUS Act), market structure pending (CLARITY in the Senate), sanctions in force throughout. Why a US firm builds on the constant, not the contested.
#4: MENA Crypto Hubs
The UAE's deliberate multi-regulator map (VARA, ADGM, DFSA), Bahrain's single-supervisor route, and Saudi's watch-and-prepare stance — welcoming front door, serious back office.
#5: APAC Crypto Compliance
Japan, Korea, Hong Kong, and Australia each landed a major 2026 reform on four different models — and converged on the same on-chain obligations.
CASP Compliance Toolkit
The practical documents and processes a crypto business has to produce — the BWRA, SAR filing, customer risk scoring, and the independent audit that tests them all.
CASP Toolkit #1: Writing Your BWRA
The business-wide risk assessment every control calibrates to — the four risk dimensions, the crypto-specific on-chain exposure layer, and why an evidenced BWRA beats an eloquent one.
#2: SAR Filing for Crypto
What FIUs expect in a crypto SAR, the mistakes that get reports sent back, and why the on-chain evidence is the filing's superpower.
#3: Crypto Customer Risk Scoring
Combining off-chain KYC factors with on-chain behaviour — the half that updates itself — into a dynamic, explainable score that drives EDD and monitoring.
#4: Independent AML Audit
What examiners test (operating practice, not policy), the walk-through method, and why building a retrievable evidence trail is the only real preparation.
Crypto Explained Well
Plain-language guides for anyone who owns crypto, advises someone who does, or just wants to understand it — anonymity, tax, scams, inheritance, wallets, and how it all gets traced.
Crypto Explained #1: Is Bitcoin Really Anonymous?
It's pseudonymous, not anonymous — a public, permanent ledger where one link names the rest. The myth underneath all the others.
#2: What Your Exchange Sees (and Tells the Taxman)
Your identity plus your full history — and from 2026, reported to tax authorities automatically under DAC8/CARF. The mismatch is what gets you.
#3: Spot a Crypto Scam in 60 Seconds
Seven red flags — guaranteed returns, urgency, send-first, connect-your-wallet traps. One flag is enough to walk away.
#4: Crypto and Inheritance
Heirs can owe tax on coins they may never access. How succession works in Italy, and why estate planning for crypto is key management.
#5: Hot Wallet vs Cold Wallet
Online and convenient vs offline and safe — and the deeper rule beneath both: not your keys, not your coins.
#6: Are Stablecoins Really Stable?
USDT and USDC are backed by reserves; TerraUSD was backed by an algorithm and lost $40B in days. Always ask what's behind the dollar.
#7: Crypto and Divorce
Acquired-in-marriage crypto is split like any asset under Italy's comunione legale — and hiding it on-chain rarely survives a court order.
#8: Your Accountant Doesn't Know Crypto
The checklist to hand them — every exchange and wallet, every event (not just sales), cost basis, and crypto-to-crypto as a taxable event.
#9: Mixers, Tumblers, CoinJoin
What they really are, why 'untraceable' is a stretch, and why touching one marks your coins as high-risk even if you did nothing wrong.
#10: NFTs, Memecoins, Gambling
Three grey zones the 2026 rules are closing — and the test regulators use: what it does, not what it's called.
#11: What 'Tracing a Wallet' Means
Less hacking, more accounting — following public flows hop by hop, supercharged by a library of labels that says who owns what.
#12: How a Prosecutor Seizes Bitcoin
Trace to a person, get the keys or the chokepoint, take custody. The ledger that promised freedom is the prosecutor's best evidence.
DeFi Compliance
How regulators are drawing the line on decentralised finance — scope, DEX obligations, and stablecoin rules.
DeFi Compliance #1: Is DeFi In Scope?
MiCA, FATF, and the decentralisation spectrum — how regulators determine whether a DeFi protocol has compliance obligations.
#2: Can DEXs Meet AML Requirements?
Front-end vs protocol, the Uniswap precedent, and how to implement screening at the interface layer.
#3: Stablecoin Regulation — EMT vs ART
MiCA Title III/IV requirements for stablecoin issuers — reserves, redemption rights, and what makes a token "significant."
Regulation & Compliance
DAC8 Explained: EU Crypto Tax Reporting for Businesses
The EU's eighth DAC amendment brings crypto-assets into the automatic tax information exchange framework. What Reporting CASPs must collect, report, and when — plus the interplay with MiCA and OECD CARF.
UAE Decision 4/R.M/2026: The New Federal Crypto Rulebook Explained
The CMA just replaced the entire 2023 VASP framework. Eight license categories, federal privacy token ban, algorithmic token prohibition, and five concurrent regulatory regimes.
MiCA Compliance Guide: What Crypto Businesses Need to Know in 2026
The Markets in Crypto-Assets Regulation is now fully in force. Here's what CASPs, token issuers, and DeFi protocols need to do to stay compliant across the EU.
OFAC Sanctions Screening for Crypto: A Practical Guide
From Tornado Cash to Garantex, OFAC enforcement in crypto is intensifying. Learn how to build a robust sanctions screening program.
The Travel Rule for Virtual Assets: Implementation Guide
FATF Recommendation 16 requires VASPs to share originator and beneficiary information. Here's how to navigate the technical and jurisdictional challenges.