Time to grow up? Crypto and fintechs rack up more AML fines than traditional financial services.

In 2023, new entrants to the financial system reached a monumental milestone, for all the wrong reasons.

Last year, for the first time ever, crypto firms and fintechs received more fines than traditional financial services. 

According to data analysed by the Financial Times, crypto and digital payment companies paid an eye-watering $5.8 billion in fines due to a multitude of reasons, including non-compliance in anti-money laundering checks and failing to uphold sanctions and other financial crime issues.

Findings and failings.

In total, crypto firms recorded 11 separate fines in 2023 compared to an annual average of just two over the last five years. Meanwhile, payments firms recorded 27 fines, which was a huge increase on their annual average of five per year from 2018 to 2022. 

Most fines levied against payments groups were to fintech groups that were less than 20 years old.

This is a surprising shift in the global payments space, and just goes to show that such punishments can be levied out to even the most digital-savvy sectors.

Rayissa Armata, Director, Global Regulatory & Government Affairs at IDnow

“Gone are the days where bad behavior will be tolerated by newcomers to the financial industry. With major players like Blackrock recently launching its bitcoin ETF, which boasts huge compliance operations as well as general risk aversion, the industry is likely, and will need to, grow up quickly in 2024 and beyond,” added Rayissa.

The main contributor to the astronomical amount of 5.8 billion in fines was the $4.3 billion penalty levied against crypto exchange Binance, which was set “purposefully high.”  

Reasons for the mammoth fine were attributed to violations of: 

  • The Bank Secrecy Act (BSA)
  • Failure to register as a money transmitting business
  • Violations to the International Emergency Economic Powers Act (IEEPA). 

“Binance became the world’s largest cryptocurrency exchange in part because of the crimes it committed – now it is paying one of the largest corporate penalties in US history. The message here should be clear: using new technology to break the law does not make you a disruptor, it makes you a criminal,” said Attorney General Merrick B. Garland. 

Secretary of the Treasury Janet L. Yellen was even clearer in her damnation of the crypto platform, stating how Binance’s “wilful” failures to adhere to AML and sanctions compliance allowed money to flow to terrorists, cybercriminals, and child abusers through its platform. 

Of course, this was not the only wake-up call that should have set off alarm bells in the crypto community in 2023.  

The much-publicized decision to convict the founder of FTX of money laundering and fraud sent further shockwaves through the industry. Despite such turbulence, there were also significant steps taken to stabilize crypto in 2023, such as the Market in Crypto Assets regulatory framework (MiCA), the Transfer of Funds regulation (TFR), and the UK’s proposed regulatory regime, which neared ever closer to completion. As the regulations are finally likely to be enforced in 2024, this could not happen at a more crucial time.

2024 may very well prove to be a watershed year for the crypto industry. It’s likely that the upcoming crypto regulations will have a positive impact and act as a stabilizing force, while the fines should serve as a deterrent and remind crypto firms that AML laws and regulations apply to them too.

Rayissa Armata, Director, Global Regulatory & Government Affairs at IDnow 

“However, there’s also a very real chance that firms, especially new entrants to the crypto and fintech market that are in a rush to establish themselves and onboard as many customers as possible, may bypass certain steps in customer controls. This is not advisable. KYC processes, and rigorous identity checks are in place for a reason – to protect the business and the customer.”

Light at the end of the tunnel?

Besides the aforementioned regulatory frameworks due to be enforced later this year, 2024 has already started with some reassuring developments regarding crypto regulation. Chief among these was guidance issued by the European Banking Authority (EBA), which extended its guidelines on money laundering and terrorist financing to crypto asset service providers.  

The European Council and European Parliament also recently announced that it had reached a provisional agreement on the decision to create the brand-new Anti-Money Laundering Authority (AMLA) – a European authority with the expressed purpose of countering money laundering and financing of terrorism. Technical negotiations are expected to be ongoing for months, with a tentative aim of formally adopting final agreement by 2024. 

Proposals put forward include: 

  • Requirements for financial institutions to conduct enhanced due diligence on wealthy individuals, or on transactions involving high amounts.
  • Enhanced due diligence for cross-border crypto transactions. 

While obliged entities, including financial institutions, banks, real estate agencies, asset management services, casinos, and merchants traditionally enforce AML requirements like KYC, the new rules now cover most of the crypto ecosystem. All crypto-asset service providers will now be required to conduct due diligence on customers, including verifying personal KYC data, with such data required to accompany transfers under the Travel Rule when transactions exceed €1000 or more.

Stronger together.

In February, 2024, we joined a consortium of five partners, including the IOTA Foundationwalt.idSPYCE.5, and Bloom Labs, with the aim of making Crypto Asset Service Providers (CASPs) and self-hosted wallets compliant with the European Anti-Money-Laundering Regulation and the Transfer of Funds Regulation (TFR). [Read more about TFR in our blog, ‘EU extends TFR to crypto, requiring KYC for all crypto transactions.’]

A major challenge for CASPs will be to adhere to the new rules lies in GDPR compliance, as personal identifiable information (PII) should not be stored on blockchains or Distributed Ledger Technologies (DLT). However, to comply with the new regulations, CASPs need to know with whom they are doing business and continuously verify this information.

To address this challenge, the consortium has proposed a system where a trusted party tokenizes an identification process, allowing CASPs to have confidence in this process, without revealing any PII.

Discover more about the consortium by reading the press release and watching the explainer video below.

Putting the KYC into crypto and fintech.

While KYC processes are an integral part in ensuring crypto exchanges can protect themselves and their customers from fraud and money laundering, they are also an important requirement to comply with AML, MiCA and other crypto-related regulation. Having these controls in place will protect investors from financial losses and add stability to a notoriously volatile market. 

“The bottom line is that KYC and Know Your Business is at the nexus of this world and people are catching up to this reality – you have to know who is out there – as people go on or off chain or in and out of the traditional banking world,” warned Rayissa. 

IDnow’s highly configurable identity verification solutions work across multiple regulations, industries and use cases, including crypto and fintech. Whether automated or expert-assisted, our online identity verification methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversion or consumer experience.

Discover how a IOTA Foundation-led consortium, featuring IDnow could change the future of identity in Web3 and the crypto space, in our blog, ‘IDnow team explains why invitation to European Blockchain Sandbox will take Web3 identity verification to the next level.’


Time to grow up? Crypto and fintechs rack up more AML fines than traditional financial services. 1

Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn


Let's talk!