When the “Central Bank of Central Banks” Speaks on Encryption Regulation
When the Bank for International Settlements (BIS) speaks, the global financial community listens.
As the world's oldest international financial institution, the BIS was established in 1930, with members including 63 Central Banks from around the globe, representing countries that account for approximately 95% of global GDP. The BIS has also played the role of the “central bank of central banks”:
“The BIS's mission is to serve Central Banks in their pursuit of monetary and financial stability, to foster international cooperation in those areas and to act as a bank for Central Banks.”
—— Bank for International Settlements
The BIS is both a collaborative platform for Central Banks and a research and rule-making center for global financial stability. Therefore, its research and publications often serve as important references for regulatory policies in various countries.
In August this year, the BIS published “An approach to anti-money laundering compliance for cryptoassets” in BIS Bulletins No. 111 [1]. The timing of this paper's release is quite delicate—at a time when global encryption regulation is entering a critical turning point, regulatory agencies in various countries are seeking a balance that can effectively prevent risks without overly hindering innovation.
This article will guide you in interpreting this report, and in conjunction with the FATF annual examination: the global encryption regulatory report card reveals an objective assessment of the current state of encryption regulation and its future direction.
BIS Research and Publications: Why Its Voice Matters
In the financial governance system, the research and publications of the BIS often guide global regulatory trends, maintaining a leading position in innovation, especially in emerging fields.
Its research department focuses not only on monetary policy and financial stability but also continuously explores new areas, including encryption assets, AI explainability, climate risks, and more. This ancient institution located in Basel, Switzerland, maintains close collaboration with global Central Bank researchers and academia, continuously providing scientific and objective policy recommendations to global regulatory authorities.
Especially in the field of cryptocurrency, the BIS has demonstrated forward-looking leadership: from the cross-border encryption asset flow study released in 2025 [2] (covering seven years of data from 184 countries), to a systematic analysis of stablecoins, DeFi, and CBDCs, providing important references for regulators on encryption regulatory policy frameworks.
At the same time, the BIS's short topical research Bulletins have strong policy orientation due to their focus on hot topics and direct confrontation of policy issues. For example:
2021 DeFi Risk Research: Cited by multiple Central Banks as a reference for regulatory framework [3]
2023 Cryptocurrency Ecosystem Report: The system outlines the structural flaws of crypto [4]
The paper on encryption AML is published in this series (No.111), which shows BIS's emphasis on this issue.
BlockSec Interpretation: What is BIS's New Compliance Approach?
In its August thematic study titled “An approach to anti-money laundering compliance for cryptoassets,” the BIS confronted a reality: the traditional financial AML/KYC system faces systemic challenges in the world of encryption. However, the BIS did not stop at feeling “powerless,” but instead proposed an innovative “compliance scoring system.”
BlockSec Introduction
This special study by the BIS signifies a fundamental shift in the focus of compliance:
Old Model: “Who are you?” (Identity-Oriented)
New model: “Where does your money come from?” (Behavior-oriented)
Paradigm Shift: From “Identity Verification” to “Fund Traceability”
Traditional AML relies on customer identity information (KYC) from intermediaries such as banks, but on decentralized chains, users can completely bypass intermediaries through self-custody wallets. The main argument of the BIS is that every fund on the chain has a traceable source (provenance), which is a new tool for AML.
Core Idea: AML Compliance Scoring System
The most important innovation proposed by the BIS is the establishment of the AML Compliance Score mechanism:
Rating Principle:
High Score (Maximum 100 Points): Mainly from relatively clean funds of the “Whitelist” wallet.
Low score (minimum 0 points): Contaminated funds associated with “blacklist” known illegal wallets.
Dynamic Update: Continuously adjust based on real-time trading history and risk intelligence.
Technical implementation differences:
Stablecoin (Account Model): Although specific tokens cannot be tracked, the transaction network of wallet addresses can be mapped.
Bitcoin (UTXO model): The complete history of each satoshi can be traced back to the mining source.
Source: An approach to anti-money laundering compliance for cryptoassets
Three levels of implementation intensity:
Strict Mode (Allow List): Only tokens from addresses that have passed KYC checks are accepted, similar to the strict identity verification of traditional banks.
Medium Mode (Multiple Criteria): Comprehensive assessment based on multiple standards (holding period, trading frequency, counterparty history, etc.)
Loose Mode (Deny List): Only reject tokens from known illegal addresses, providing users with maximum trading freedom.
Responsibility Redistribution: From Centralization to Layering
The BIS distinguishes different levels of responsibility:
Centralized Hub (Fiat Deposit and Withdrawal Port, Stablecoin Issuer, Exchange): Undertakes the most stringent AML/KYC responsibilities.
On-chain activities (DeFi protocols, P2P transfers): More reliance on risk monitoring, on-chain traceability, and behavioral profiling.
This design acknowledges the practical limitations of a decentralized world while maintaining regulatory control at critical points, avoiding a “one-size-fits-all” approach.
And the BIS has proposed a controversial concept: Duty of Care. This means that users also have a responsibility to check the compliance rating of the counterparty before a transaction. In practice, this poses significant difficulties, but it also reflects the BIS's attempt to construct a vision of a compliance ecosystem that encourages universal participation.
Current Regulatory Dilemma: Challenges of the Travel Rule and Evolution of Crime
Although the new approach from the BIS is theoretically elegant, to understand the background of its proposal, we must first examine the severe realities facing the current regulatory system. Currently, global encryption regulation mainly relies on the core tool of the Travel Rule, which requires VASPs to collect and transmit the identity information of both the sender and receiver when processing transactions above a certain amount. However, this much-anticipated regulatory standard is encountering significant challenges.
Current Status of Travel Rule Implementation: The Huge Gap Between Ideal and Reality
According to the latest annual assessment report released by the FATF in June this year, the FATF annual test: the global encryption regulatory report card has been unveiled, and the global implementation of the Travel Rule is disappointing. Among the 138 jurisdictions that were assessed, only 1 country (the Bahamas) was rated as fully compliant, 29% of jurisdictions were basically compliant, 49% were partially compliant, while 21% remained non-compliant. This data shows almost no improvement compared to 2024, exposing the systemic failure of traditional regulatory tools in the encryption world.
At the same time, even in the 73% of jurisdictions that have “legislated,” the effectiveness of the Travel Rule varies significantly. The enormous divergence in threshold standards among countries has become the biggest obstacle: the United States adheres to the $3,000 threshold set in 1996 [5], while the European Union will implement a zero-threshold policy starting in December 2024 [6] (even transfers of 1 cent will require the Travel Rule). The result of this independent approach is that a cross-border transaction may be “compliant” in the sending country but considered “non-compliant” in the receiving country, making the transaction impossible to complete.
Technical Failures Faced by the Travel Rule
The fundamental reason for the failure of the Travel Rule lies in the fundamental conflict between its design assumptions and the reality of blockchain technology. This rule is designed based on the intermediary model of traditional finance, but in a decentralized environment: for self-custody wallet users, they can completely bypass VASP, making it impossible to track and verify their off-chain identity information; for DeFi protocols, there is also no traditional intermediary to enforce identity verification requirements; for cross-chain transactions, which involve multiple blockchain ecosystems, the regulatory boundaries remain vague.
It is precisely this systemic failure at the technical level that provides greater operational space for criminal activities.
Evolution of Crime: Direct Consequences of Regulatory Failure
The implementation dilemma of the Travel Rule has directly led to the rapid evolution and escalation of criminal methods. Criminals have not only not been effectively restrained by this regulatory tool but have instead found more covert ways to commit crimes:
Stablecoins become the new favorite:
In the context of the large-scale explosion of stablecoins, due to vulnerabilities in the technical execution of the Travel Rule, stablecoins have replaced Bitcoin as the preferred tool for criminals. Most on-chain illegal activities now involve stablecoin transactions, as they find it easier to evade existing regulatory scrutiny through stablecoins.
Evasion methods upgraded:
In the face of the threshold restrictions of the Travel Rule, criminals commonly employ Smurfing techniques—splitting large transactions into smaller ones to evade the threshold limits. A typical example is the $1.46 billion stolen by North Korean hackers from the Bybit exchange in 2025, who skillfully exploited the differences in regulatory standards across countries and technical vulnerabilities, bypassing centralized platforms and completing fund transfers in conjunction with DeFi protocols, ultimately recovering less than 4% of the funds.
It is evident that regulation is “easier said than done,” and the world is still in a bottleneck period for institutional implementation.
BlockSec Evaluation: The Significance and Policy Value of BIS's New Thinking
Paradigm Shift in Global Central Bank Regulatory Thinking
The BIS paper should not be judged from the perspective of “whether it provides a perfect solution.” It marks the first formal acknowledgment by traditional financial regulatory bodies of the disruptive impact of decentralized technology on the existing regulatory framework.
Over the past decade, regulators have mostly attempted to forcibly incorporate cryptocurrencies into the traditional financial framework, while the BIS's approach acknowledges the irreversibility of decentralized technology and seeks paths to achieve regulatory goals in the new technological environment.
Policy Direction: Providing a New Template for Global Regulation
As the authoritative voice of the global Central Bank, the BIS's recommendations are often deeply referenced and drawn upon by regulatory agencies in various countries. The innovations at the theoretical level in this paper include transforming blockchain transparency into regulatory advantages, constructing a compliance framework based on behavior rather than identity, and providing differentiated policy implementation pathways. These elements offer specific technical implementation solutions for regulators in different countries, clarify the responsibility boundaries of various participants, and establish a flexible international coordination mechanism.
BlockSec Conclusion: Historical Opportunities in Regulatory Evolution
2025 is also known as the “Year of Stablecoin Regulation.” Looking back at the global encryption regulatory journey of this year, it can be seen that this is a process of continuous trial and error and learning: from the East to the West, from Hong Kong to Europe and the United States, various regions are exploring regulatory paths suitable for themselves.
The BIS's paper may mark a new stage in this learning process - no longer simply “prohibition and permission,” but rather “understanding and adaptation.”
In fact, it is normal for regulation to lag behind technological innovation. Throughout history, a comprehensive traffic regulation system was established only after the widespread adoption of automobiles, a cross-border communication regulatory framework was created after the globalization of telephone technology, and the internet has gradually moved from its early “barbaric growth” to regulated development. Encryption assets are undergoing the same historical process. Every adjustment and adaptation in this process is a necessary step toward the maturity of the entire ecosystem.
The greatest value of the BIS scheme lies in providing a collaborative rather than adversarial framework for the industry and regulators. For the industry, this scheme offers a clear compliance pathway and technical standards while retaining ample development space for technological innovation. For regulators, the new framework achieves a balance between regulatory goals and technological realities, establishing an internationally coordinated technical foundation.
In this era of transformation, excellent regulation should not be a shackle that restrains innovation, but rather a guide that leads the industry towards a healthier and more sustainable direction.
When the global “Central Bank of Central Banks” speaks about encryption regulation
When the Bank for International Settlements (BIS) speaks, the global financial community pays close attention.
As the world's oldest international financial institution, the BIS was established in 1930, with members including 63 central banks globally, representing countries that account for approximately 95% of the world's GDP. The BIS has also played the role of the “central bank of central banks”:
“The BIS's mission is to serve Central Banks in their pursuit of monetary and financial stability, to foster international cooperation in those areas and to act as a bank for Central Banks.”
—— Bank for International Settlements
The BIS is both a collaborative platform for Central Banks and a research and rule-making center for global financial stability. Therefore, its research and publications often serve as important references for regulatory policies in various countries.
In August this year, the BIS published “An approach to anti-money laundering compliance for cryptoassets” in BIS Bulletins No.111. The timing of this paper's release is quite delicate—coinciding with a critical turning point in global encryption regulation, as regulatory agencies in various countries seek a balance that can effectively prevent risks without overly hindering innovation.
This article will guide you in interpreting this report, along with an analysis of the FATF annual assessment: the unveiling of the global encryption regulatory report card, to objectively evaluate the current status and future direction of encryption regulation.
BIS Research and Publications:
Why its voice is important
In the financial governance system, the research and publications of the BIS often guide global regulatory trends, maintaining a leading position in innovation, especially in emerging fields.
Its research department not only focuses on monetary policy and financial stability but also continuously explores new areas, including encryption assets, AI explainability, climate risk, and more. This ancient institution located in Basel, Switzerland, maintains close collaboration with global Central Bank researchers and academia, continuously providing scientific and objective policy recommendations to global regulatory authorities.
Especially in the field of encryption currency, the BIS has demonstrated forward-looking leadership: from the cross-border encryption asset flow study released in 2025 (covering seven years of data from 184 countries) to a systematic analysis of stablecoins, DeFi, and CBDCs, providing important references for regulators in developing encryption regulatory policy frameworks.
At the same time, the BIS short thematic research Bulletins have a strong policy orientation due to their focus on hot topics and direct confrontation with policy issues. For example:
2021 DeFi Risk Research: Cited by multiple Central Banks as a reference for regulatory frameworks
2023 Crypto Ecosystem Report: The system outlines the structural flaws of encryption [4]
The paper on encryption AML is published in this series (No.111), which shows BIS's emphasis on this issue.
BlockSec Interpretation:
What is the BIS's new approach to compliance?
In its August special report titled “An approach to anti-money laundering compliance for cryptoassets”, the BIS faced a reality: the traditional financial AML/KYC system has encountered systemic challenges in the world of encryption. However, the BIS did not stop at “helplessness”, but instead proposed an innovative “compliance scoring system”.
BlockSec Guide?
This special study by the BIS signifies a fundamental shift in the focus of compliance:
? Old Model: “Who are you?” (Identity-oriented)
? New model: “Where does your money come from?” (Behavioral-oriented)
Paradigm Shift: From “Authentication” to “Fund Traceability”
Traditional AML relies on customer identity information (KYC) from intermediaries such as banks, but on decentralized chains, users can completely bypass intermediaries through self-custody wallets. The main argument of the BIS is that every on-chain transaction has a traceable source (provenance), which is a new lever for AML.
Core Idea: AML Compliance Scoring System
The most important innovation proposed by the BIS is the establishment of the AML Compliance Score mechanism:
Rating Principle:
High score (maximum 100 points): Mainly from relatively clean funds of wallets on the “allowlist”.
Low score (minimum 0 points): Contaminated funds associated with “blacklist” known illegal wallets.
Dynamic updates: Continuously adjusting based on real-time trading history and risk intelligence.
Technical implementation differences:
Stablecoin (Account Model): Although specific tokens cannot be tracked, the transaction network of wallet addresses can be mapped.
Bitcoin (UTXO model): The complete history of each satoshi can be traced back to the mining source.
Source: An approach to anti-money laundering compliance for cryptoassets
Three levels of implementation intensity:
Strict Mode (Allow List): Only tokens from addresses that have passed KYC checks are accepted, similar to the strict identity verification of traditional banks.
Medium Mode (Multiple Criteria): Comprehensive assessment based on multiple standards (holding period, trading frequency, counterparty history, etc.)
Loose Mode (Deny List): Only reject tokens from known illegal addresses, providing users with maximum trading freedom.
Responsibility Redistribution: From Centralization to Layering
The BIS distinguishes different levels of responsibility:
Centralized Hub (Fiat Deposit and Withdrawal Port, Stablecoin Issuer, Exchange): Undertakes the most stringent AML/KYC responsibilities.
On-chain activities (DeFi protocols, P2P transfers): More reliance on risk monitoring, on-chain traceability, and behavioral profiling.
This design acknowledges the real limitations of a decentralized world while maintaining regulatory control at key points, avoiding a one-size-fits-all approach.
And the BIS has proposed a controversial concept: Duty of Care. This means that users also have a responsibility to check the compliance rating of the counterparty before a transaction. In practice, this poses significant difficulties, but it also reflects the BIS's attempt to construct a vision of a compliance ecosystem that encourages universal participation.
Current Regulatory Dilemma:
Travel Rule Challenges and the Evolution of Crime
Although the new approach from the BIS is theoretically elegant, to understand the background of its proposal, we must first examine the severe realities facing the current regulatory system. Currently, global encryption regulation mainly relies on the core tool of the Travel Rule, which requires VASPs to collect and transmit the identity information of both the sender and receiver when processing transactions above a certain amount. However, this much-anticipated regulatory standard is encountering significant challenges.
Current Status of Travel Rule Implementation: The Huge Gap Between Ideal and Reality
According to the latest annual assessment report released by the FATF in June this year, the FATF Annual Examination: The Global Encryption Regulatory Report Card has been unveiled, and the global implementation effect of the Travel Rule is disappointing. Among the 138 jurisdictions that have been assessed, only 1 country (the Bahamas) was rated as fully compliant, 29% of jurisdictions were rated as largely compliant, 49% as partially compliant, while 21% remained non-compliant. This data shows almost no improvement compared to 2024, exposing the systemic failure of traditional regulatory tools in the encryption world.
At the same time, even in the 73% jurisdictions where the Travel Rule is implemented “through legislation”, the effectiveness varies significantly. The huge divergence in threshold standards among countries has become the biggest obstacle: the United States insists on a $3,000 threshold set in 1996, while the European Union will start enforcing a zero-threshold policy in December 2024 (requiring the Travel Rule even for transfers of 1 euro cent). The result of this divergent approach is that a cross-border transaction may be considered “compliant” in the sending country but deemed “non-compliant” in the receiving country, leading to the transaction being impossible to complete.
Technical Failures Faced by the Travel Rule
The fundamental reason for the ineffectiveness of the Travel Rule lies in the inherent conflict between its design assumptions and the reality of blockchain technology. This rule is designed based on the intermediary model of traditional finance, but in a decentralized environment: for self-custody wallet users, they can completely bypass VASP, making it impossible to track and verify their off-chain identity information; for DeFi protocols, there are no traditional intermediaries to perform identity verification requirements; for cross-chain transactions, involving multiple blockchain ecosystems, regulatory boundaries remain vague.
It is precisely this systemic failure at the technical level that provides greater operational space for criminal activities.
Evolution of Crime: Direct Consequences of Regulatory Failure
The implementation dilemma of the Travel Rule has directly led to the rapid evolution and escalation of criminal methods. Criminals have not only not been effectively restrained by this regulatory tool but have instead found more covert ways to commit crimes:
Stablecoins become the new favorites:
In the context of the large-scale explosion of stablecoins, due to vulnerabilities in the technical execution of the Travel Rule, stablecoins have replaced Bitcoin as the preferred tool for criminals. Most on-chain illegal activities now involve stablecoin transactions, as they find it easier to evade existing regulatory scrutiny through stablecoins.
Evasion methods upgraded:
Faced with the threshold restrictions of the Travel Rule, criminals generally adopt Smurfing techniques—splitting large transactions into smaller ones to evade threshold limits. A typical example is the $1.46 billion stolen by North Korean hackers from the Bybit exchange in 2025, who cleverly exploited the differences in regulatory standards across countries and technological loopholes, circumventing centralized platforms and using DeFi protocols to complete the flow of funds, ultimately recovering less than 4% of the funds successfully. In-depth analysis of the Bybit theft incident.
It is evident that regulation is “easy to know but difficult to implement”, and the world is still at a bottleneck period for system implementation.
BlockSec Review:
The Significance and Policy Value of BIS New Ideas
Paradigm Shift in Global Central Bank Regulatory Thinking
The BIS paper should not be judged from the perspective of “whether it provides a perfect solution.” It marks the first formal acknowledgment by traditional financial regulators of the disruptive impact of decentralized technology on existing regulatory frameworks.
In the past decade, regulators have mostly attempted to forcibly integrate cryptocurrencies into the traditional financial framework, while the BIS's approach recognizes the irreversibility of decentralized technology and instead seeks paths to achieve regulatory goals in the new technological environment.
Policy Direction: Providing a New Template for Global Regulation
As the authoritative voice of global Central Banks, the BIS's recommendations are often deeply referenced and drawn upon by regulatory agencies in various countries. The innovations at the theoretical level in this paper include transforming blockchain transparency into regulatory advantages, constructing a compliance framework based on behavior rather than identity, and providing differentiated policy implementation paths. These innovations offer specific technical implementation plans for regulators in various countries, clarify the boundaries of responsibilities among different participants, and establish a flexible international coordination mechanism.
BlockSec Conclusion:
Historical Opportunities in Regulatory Evolution
2025 is also known as the “Year of Stablecoin Regulation.” Looking back at the global encryption regulatory journey of this year, it can be seen that this is a process of continuous trial and error and learning: from the East to the West, from Hong Kong to Europe and the United States, various regions are exploring regulatory paths suitable for themselves.
The BIS's paper may mark a new phase in this learning process - no longer just “prohibit and allow”, but “understand and adapt”.
In fact, regulatory lagging behind technological innovation is the norm. Throughout history, a comprehensive traffic regulation system was established only after the widespread adoption of automobiles, a cross-border communication regulatory framework was created only after the globalization of telephone technology, and the internet has also gradually evolved from early “barbaric growth” to standardized development. Encryption assets are undergoing the same historical process. Every adjustment and adaptation in this process is a necessary step towards the maturity of the entire ecosystem.
The greatest value of the BIS scheme lies in providing a collaborative rather than adversarial framework for the industry and regulators. For the industry, this scheme offers a clear compliance pathway and technical standards while retaining ample development space for technological innovation. For regulators, the new framework achieves a balance between regulatory goals and technological realities, establishing an internationally coordinated technical foundation.
In this era of transformation, excellent regulation should not be a shackle that restrains innovation, but rather a guide that leads the industry towards a healthier and more sustainable direction.
As a professional compliance monitoring platform under BlockSec, the Phalcon Compliance APP is committed to providing a one-stop AML/CFT solution for global encryption enterprises. We have established deep cooperative relationships with multiple international regulatory agencies, including the Hong Kong SFC, and have been invited to participate in closed-door seminars with top law enforcement agencies such as the FBI. As regulatory paradigms continue to iterate, our on-chain data analysis and risk assessment capabilities will help you find the best balance between compliance requirements and business development.
