Treasury Urges Targeted DeFi AML Rules

The U.S. Treasury has published its long-awaited digital asset illicit-finance report to Congress, and the clearest policy signal is not a blanket anti-crypto push. Instead, Treasury is backing a technology-neutral, risk-based compliance model that leans on AI, digital identity, blockchain analytics, and APIs, while separately urging Congress to define which DeFi actors should face AML/CFT obligations.

The report was issued in March 2026 as part of the GENIUS Act’s implementation. Treasury said it reviewed more than 220 public comments and used the report to assess digital-asset illicit-finance risks, the role of mixers and stablecoins in obfuscation, and the compliance potential of newer technologies across the financial sector.

What Treasury said

Treasury’s core policy stance is that AML/CFT regulation should remain technology-neutral and risk-based. In other words, the government is not telling institutions to adopt one mandated compliance stack. It is saying that well-governed use of tools such as AI, digital identity, blockchain analytics, and APIs can improve how financial institutions detect and disrupt illicit finance involving digital assets.

That matters because the report lands at a moment when digital-asset activity is larger and more institutionally relevant than it was even a year earlier. Treasury cited proxy data showing 3.8 billion successful monthly transactions on public blockchains in early 2025, up 96% year over year, while also pointing to growing institutional interest in custody, exchange-traded products, and stablecoin issuance.

The risks Treasury is trying to address

The report makes clear that the government still sees digital assets as a meaningful channel for fraud, sanctions evasion, ransomware, and North Korean cybercrime. Treasury pointed to more than $9 billion in reported 2024 losses from digital asset-related fraud in FBI IC3 data, including $5.8 billion tied to investment schemes, and said DPRK-linked actors stole at least $2.8 billion in digital assets from January 2024 through September 2025.

Treasury also spends time on obfuscation tools. It says lawful users may use mixers for privacy, but criminals frequently use mixing, bridging, and swapping to make tracing harder. The report adds that stablecoins often appear as one part of a more complex laundering chain, especially when illicit actors move value across blockchains or toward cash-out points.

The technologies Treasury wants institutions to use more effectively

On AI, Treasury says generative AI can help both the public and private sectors fight financial crime, even as the same technology can be abused in scams and deepfake fraud. Its first recommendation is to use public-private partnerships to help financial institutions share lessons and good practices on AI tools for AML/CFT compliance.

On digital identity, Treasury takes a notably supportive tone. The report says verifiable digital credentials and tokenized credentials can reduce duplication in customer identification and help combat fraud. Treasury said it plans to issue guidance on using verifiable digital credentials, explore legislation to encourage adoption, and work with NIST and international partners on interoperability.

On blockchain monitoring, Treasury said it will engage industry on best practices, support supervisors that need more tools and training, promote wider sharing of illicit-finance indicators, and explore legislative changes to clarify voluntary information-sharing for fraud detection and prevention. On APIs, Treasury said it wants more standardized and open-source compliance interfaces, with an emphasis on smaller institutions that may lack technical resources.

What stands out in the report’s approach

The report is not written as a call to slow innovation. Its framing is that responsible innovation can strengthen the financial system, improve law-enforcement visibility, and reduce friction for legitimate users. That is a meaningful distinction: Treasury is treating compliance technology as an enabler of digital-asset growth, not only as a constraint on it.

What Treasury wants Congress to do on DeFi

The most consequential legislative section is the DeFi chapter. Treasury says Congress should consider specifying which actors in the decentralized finance ecosystem should be subject to AML/CFT obligations, based on the roles they play and the risks attached to those roles. That is a more targeted approach than simply labeling the entire DeFi stack as regulated financial intermediation.

Treasury also recommends that Congress consider stronger tools for dealing with foreign money-laundering threats, including those tied to DeFi. Specifically, the report says lawmakers should consider adding a sixth special measure to Section 311 so Treasury could prohibit or condition certain “transmittals of funds” that are not tied to correspondent banking relationships.

At the same time, the report acknowledges that some DeFi-linked participants are already deploying risk controls, including wallet risk scoring and rejecting transactions above certain thresholds. It also notes that blockchain data, APIs, oracles, and on-chain identity tools may improve visibility into illicit activity in decentralized systems.

Why this matters now

This report gives one of the clearest recent signals on where Washington may be heading on crypto compliance. Treasury is not arguing that digital assets fall outside the financial system. It is arguing the opposite: as digital assets become more embedded in regulated finance, the surveillance, identity, analytics, and data-sharing layers around them must mature as well.

It also sharpens the likely policy split between centralized and decentralized crypto infrastructure. For banks, stablecoin issuers, custodians, and other identifiable intermediaries, the direction of travel is toward more advanced compliance tooling. For DeFi, the debate is shifting toward which actors are sufficiently identifiable, influential, or risk-bearing to justify direct legal obligations.

Why it matters for crypto

• It strengthens the case that U.S. crypto policy is moving toward targeted, role-based compliance rather than one-size-fits-all rules across the entire market.
• It puts AI, digital identity, blockchain analytics, and APIs closer to the center of the crypto infrastructure story, especially for banks, custodians, stablecoin firms, and other regulated players.
• It increases pressure on DeFi-adjacent operators to think harder about governance, control, wallet screening, transaction filtering, and how regulators may define accountable actors.
• It suggests future crypto regulation may focus as much on data, identity, and information-sharing architecture as on token issuance or trading rules.

What to watch next

• Whether Congress takes up Treasury’s DeFi recommendation and tries to define which ecosystem participants should face AML/CFT obligations.
• Whether Treasury follows through with guidance on verifiable digital credentials and pushes legislation to support digital identity adoption.
• Whether FinCEN, supervisors, and industry groups build new standards around AI use, blockchain analytics, and voluntary information-sharing.
• Whether Section 311 expansion becomes a real legislative fight, especially if lawmakers view DeFi-linked foreign illicit-finance flows as a growing national-security issue.