U.S. Treasury Report on AI, Digital Identity, and Blockchain Analytics to Combat Illicit Finance in Digital Assets.

Digital assets have grown rapidly and are now a major driver of financial innovation and economic activity. However, they also introduce new channels for money laundering, fraud, sanctions evasion, and other illicit financial activities.

The Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act of 2025 requires the U.S. Treasury to study how innovative technologies can help detect and prevent illicit finance involving digital assets. The resulting report to Congress examines how financial institutions can use Artificial Intelligence (AI), digital identity, blockchain monitoring and analytics, and Application Programming Interfaces (APIs) to strengthen anti-money laundering and counter-terrorist financing (AML/CFT) programs.

The report highlights both the opportunities and risks of digital assets and proposes ways to balance innovation, financial integrity, and national security.

Risk Landscape: Growth, Threats, and Vulnerabilities

Rapid growth of digital assets

Digital asset usage has expanded significantly in recent years. Public blockchains processed about 3.8 billion successful transactions per month in early 2025, representing a roughly 96% year-over-year increase.

Financial institutions are increasingly entering this market by:

• Providing digital-asset custody services
• Offering exchange-traded products
• Issuing stablecoins

Most of these institutions fall under existing AML/CFT obligations under the Bank Secrecy Act (BSA) and sanctions rules enforced by OFAC.

Major illicit threats

Treasury identifies several actors exploiting digital assets:

Investment scams

“Pig-butchering” investment scams often begin through social media or dating platforms. Victims are persuaded to invest in fake crypto platforms.

• Over $9 billion in digital-asset-related fraud was reported to the FBI in 2024.
• Around $5.8 billion came from investment schemes alone.

DPRK cybercrime

North Korean hacking groups steal digital assets from exchanges and service providers to finance weapons programs.

• At least $2.8 billion stolen between January 2024 and September 2025
• A $1.5 billion hack in February 2025 marked the largest digital-asset theft recorded.

Ransomware

Ransomware groups commonly demand payment in cryptocurrency.

• Payments reported to FinCEN reached $1.1 billion in 2023
• Fell to around $734 million in 2024 due to law-enforcement efforts and improved defenses.

Sanctions evasion

Countries under sanctions, including Russia and Iran, sometimes use digital assets to bypass restrictions.

Examples include:

• A ruble-backed stablecoin for cross-border settlements
• Crypto purchases linked to illicit Iranian oil sales.

Structural vulnerabilities in the ecosystem

Several weaknesses enable illicit activity:

Jurisdictional arbitrage

Digital asset service providers (DASPs) may operate across multiple jurisdictions with uneven regulation. Some exploit regulatory gaps to avoid AML/CFT oversight.

Non-compliant digital asset providers

Certain DASPs that serve U.S. users fail to register with regulators or lack effective AML controls.

Crypto ATMs (digital asset kiosks)

Crypto kiosks can be used in scams.

• More than 10,900 complaints in 2024
• Approximately $246.7 million in reported losses

Mixers and privacy tools

Mixers combine and redistribute funds from multiple users to obscure transaction histories. They are frequently used by ransomware actors, darknet markets, and DPRK hackers.

However, Treasury notes that privacy tools also have legitimate uses, such as protecting sensitive business transactions.

Stablecoins and cross-chain bridges

Stablecoins and blockchain bridges play a growing role in laundering flows.

• Over $37 billion in bridge withdrawals since 2020 involved major stablecoins.
• Bridges received about $1.6 billion in deposits from mixers.

A common laundering pattern:

1. Stolen crypto is sent to a mixer
2. Funds are converted to stablecoins
3. Assets are moved across blockchains through bridges

U.S. Regulatory Framework and Policy Priorities

The Bank Secrecy Act (BSA) remains the core U.S. law for combating money laundering and terrorist financing.

The GENIUS Act expands this framework by explicitly applying BSA obligations to payment stablecoin issuers, requiring AML programs, sanctions screening, and customer identification controls.

Treasury emphasizes three key policy priorities:

1. Promote responsible innovation – Encourage new technologies that strengthen compliance.
2. Collaborate with industry and regulators – Improve understanding of emerging tools.
3. Coordinate international standards – Promote interoperable global frameworks.

The overall approach remains risk-based and technology-neutral.

Artificial Intelligence (AI)

How financial institutions use AI

AI tools are increasingly used in AML/CFT compliance:

• Detecting suspicious transactions
• Fraud monitoring
• Customer risk scoring
• Sanctions screening
• Blockchain transaction graph analysis
• Detecting chain-hopping and smurfing patterns

AI can significantly reduce false positives, allowing investigators to focus on higher-risk activities.

Challenges

Adopting AI presents several challenges:

• Data quality and bias
• High implementation costs
• Regulatory uncertainty

Additionally, criminals are also exploiting AI:

• Deepfakes used in identity verification
• AI-generated phishing messages
• Synthetic identities for account creation.

Treasury actions

Treasury plans to:

• Issue guidance on responsible AI use in AML/CFT
• Promote AI risk management frameworks
• Encourage public-private collaboration on AI compliance tools.

Digital Identity

Digital identity systems improve the reliability of identity verification in financial services.

Examples include:

• Mobile driver’s licenses
• Portable digital credentials
• Zero-knowledge proofs
• Identity credentials linked to digital wallets

These tools can strengthen KYC processes while reducing unnecessary data collection.

Scale of identity-related financial crime

Identity-related suspicious activity reports are significant.

• 1.6 million SARs in 2021
• Representing about 42% of all SAR filings
• Covering roughly $212 billion in activity

Treasury priorities

Treasury recommends:

• Guidance on verifiable digital credentials
• Incentives to support digital identity adoption
• International interoperability standards
• Expanded use of trusted third-party identity providers.

Blockchain Monitoring and Analytics

Blockchain analytics tools track transactions on public ledgers to detect illicit activity.

Financial institutions use them to:

• Trace flows linked to hacks or scams
• Identify high-risk wallets and exchanges
• Analyze cross-chain transactions
• Map networks of related addresses.

Policy recommendations

Treasury recommends:

• Greater data sharing between industry and government
• Increased training for supervisors and investigators
• Development of best practices for blockchain analytics.

A proposed digital-asset “hold law” would allow institutions to temporarily freeze suspicious digital assets while investigating potential crimes.

APIs: Connecting Compliance Systems

Application Programming Interfaces (APIs) allow financial systems to exchange information automatically.

Common AML/CFT uses include:

• Connecting internal systems with sanctions lists
• Automating onboarding and identity verification
• Real-time fraud monitoring
• Integrating blockchain analytics tools.

Treasury encourages development of secure, standardized APIs so institutions can integrate compliance tools more easily.

Decentralized Finance (DeFi)

DeFi platforms provide financial services through smart contracts without traditional intermediaries.

Risks include:

• Pseudonymous transactions
• Lack of centralized compliance oversight
• Use of mixers and bridges
• Rapid innovation that outpaces regulation.

However, DeFi’s transparent blockchain data can also help investigators trace illicit activity.

Legislative recommendations

Treasury suggests Congress consider:

1. Defining which DeFi actors have AML/CFT obligations
2. Expanding BSA Section 311 powers to target foreign threats
3. Creating digital-asset-specific financial institution categories under the BSA.

These measures aim to clarify compliance responsibilities while supporting responsible innovation.

The GENIUS Act report highlights the dual nature of digital assets: they drive financial innovation but also create new risks for illicit finance.

To address these risks, the U.S. Treasury recommends a multi-layered strategy that includes:

• Artificial Intelligence for advanced transaction monitoring
• Digital identity tools to strengthen KYC
• Blockchain analytics to trace illicit flows
• APIs to integrate compliance systems.

The report ultimately calls for collaboration between government, financial institutions, and technology providers to ensure that digital assets can develop responsibly while maintaining the integrity of the global financial system.