March 11, 2026

Treasury Outlines Innovation Roadmap for Countering Illicit Finance in Digital Assets

Lawrence Cameron, Genna Garver, Peter Jeydel, Michael Lowe, Carlin McCrory, Edward Nogay, Ethan Ostroff Troutman Pepper Locke + Follow Contact LinkedIn Facebook X Send Embed

The U.S. Department of the Treasury (Treasury) has delivered to Congress the report on Innovative Technologies to Counter Illicit Finance Involving Digital Assets, as required by the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act. The report largely reflects the comments Treasury received about how financial institutions (including digital asset service providers (DASPs)) use technologies such as artificial intelligence (AI), digital identity, blockchain analytics, and application programming interfaces (APIs) to detect and disrupt illicit finance involving digital assets, including payment stablecoins. The report highlights many of the challenges and frustrations that institutions are experiencing in trying to adopt these emerging technologies, and promises additional guidance in the future.

The report still does not tackle the hardest issues in this space. This is the latest back-and-forth between Congress and the executive branch, as each tries to encourage the other to start to define clear rules of the road in this sector. Specifically, Treasury, in the report, recommends that Congress enact additional legislation to define the rules that DASPs and traditional financial institutions should follow in complying with anti-money laundering/countering the financing of terrorism (AML/CFT) standards, including sanctions.

Similarly, the recent proposed rule by the Office of the Comptroller of the Currency (OCC) to implement the GENIUS Act says little about AML/CFT compliance in practice — e.g., requiring board certifications regarding compliance, but still not specifying what compliance means for specific types of financial institutions or other actors in this unique sector.

For those who have been watching the efforts by Congress to enact a market structure bill aimed at regulating digital assets, most bets will be on a long wait before one branch or the other of our government takes meaningful action to clarify these rules.

Background
The GENIUS Act established a framework for payment stablecoins and directed Treasury to assess innovative tools regulated financial institutions use or could use to detect money laundering, sanctions evasion, and other illicit finance involving digital assets.

To prepare the report, Treasury issued a public request for comment and received more than 220 responses from financial institutions, industry associations, technology and blockchain analytics firms, and other stakeholders. Treasury also drew on its National Illicit Finance Risk Assessments and broader digital asset work.

The report proceeds in two parts: (1) a risk assessment of how illicit actors misuse digital assets and where current controls fall short; and (2) a technology and policy roadmap focused on AI, digital identity, blockchain monitoring and analytics, APIs, and decentralized finance (DeFi).

Key Points

• Risk Assessment and Vulnerabilities
  • Digital asset activity has grown rapidly, with fraudsters, ransomware actors, transnational criminal organizations, and sanctioned states (including North Korea, Russia, and Iran) increasingly using digital assets to move and conceal funds.
  • Core vulnerabilities include jurisdictional arbitrage (DASPs operating from less regulated jurisdictions), non-compliance with U.S. Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) obligations, and abuse of digital asset kiosks with poor controls.
  • Mixers, tumblers, bridges, and other obfuscation tools — often used in combination with stablecoins — are often central to laundering schemes and can make tracing and enforcement significantly more difficult, even as Treasury acknowledges that some users rely on these services for legitimate financial privacy purposes.
• Regulatory Framework and Policy Direction
  • Treasury reaffirms a technology-neutral, risk-based approach under the BSA and Anti–Money Laundering Act of 2020.
  • DASPs are generally in-scope based on the activities they perform.
  • At the same time, Treasury acknowledges that existing rules do not fully address decentralized protocols and recommends that Congress consider new, digital asset–specific types of financial institutions within the BSA, and clarify which DeFi actors should be subject to BSA/AML obligations.
• AI
  • Financial institutions are using or testing traditional machine learning and generative AI to enhance transaction monitoring, reduce false positives, strengthen sanctions and adverse media screening, assist investigations, and detect synthetic identities and deepfakes.
  • Treasury highlights challenges around data quality, model “black box” issues, cost, and regulatory uncertainty, as well as adversarial use of AI for deepfake-enabled fraud and more sophisticated social engineering.
  • Treasury plans to: (i) use public–private partnerships to share AI compliance practices, (ii) issue supportive guidance/FAQs encouraging risk-based use of AI, and (iii) coordinate with the National Institute of Standards and Technology (NIST) on applying the AI Risk Management Framework in the financial sector.
• Digital Identity
  • Treasury views digital identity tools — such as mobile driver’s licenses, verifiable credentials, and privacy-preserving mechanisms (e.g., zero-knowledge proofs) — as central to combating identity fraud and streamlining customer identification and compliance.
  • Barriers include fragmented standards, interoperability issues, legacy infrastructure, concerns over concentrated personally identifiable information (PII), and uncertainty about examiner acceptance.
  • Treasury intends to: (i) issue guidance on using verifiable digital credentials within existing customer identification programs, (ii) explore legislation and funding to support adoption (especially for smaller institutions), and (iii) work with NIST and international partners on common standards and cross-border interoperability.
• Blockchain Monitoring and Analytics
  • Blockchain analytics tools are now commonly used by institutions with digital asset exposure, supporting address attribution, transaction tracing (including across chains and bridges), typology detection, and integration of on-chain and off-chain data.
  • Key concerns include the probabilistic nature of analytics in light of the current regulatory and supervisory frameworks, gaps in coverage, the impact of mixers and anonymity-enhanced assets, cost and integration challenges, and uneven examiner expertise.
  • Treasury will focus on clarifying supervisory expectations, supporting examiner training, promoting sharing of blockchain-related illicit finance indicators, and exploring legislative enhancements to information-sharing and a digital asset–specific “hold law” safe harbor that would allow institutions and authorities to temporarily hold or freeze suspicious transactions involving digital assets (including stablecoins) while investigations proceed.
• APIs
  • APIs are described as foundational infrastructure for modern AML/CFT compliance, enabling real-time data sharing between core systems, such as blockchain analytics, digital identity tools, and sanctions screening platforms.
  • Industry sees APIs as critical to pre-transaction risk checks and proactive interdiction, but notes challenges related to security, privacy, fragmented standards, and integrating with legacy architectures.
  • Treasury plans to leverage public–private partnerships and collaboration with NIST to promote standardized, secure, and potentially open-source API specifications that lower integration costs and support broader adoption, particularly by smaller institutions.
• DeFi
  • Treasury acknowledges that the current BSA/AML framework does not fully account for DeFi protocols with distributed or immutable governance and recommends that Congress clarify which DeFi actors should have BSA/AML responsibilities and what those should be.
  • Recommended steps include: (i) specifying which DeFi participants (e.g., those with effective centralized control) should be considered regulated DASPs; (ii) enhancing tools to address cross-border risks, including through a new Section 311 “special measure” that would more broadly cover the digital asset sector and not rely on correspondent banking relationships; and (iii) considering digital asset–specific financial institution types and updated guidance once Congress acts. Our Take

Treasury’s report is less a revelation of new obligations or opportunities and more a signal of how existing AML/CFT practices are evolving, including the challenges institutions face in meeting regulatory expectations.

Treasury clearly expects institutions with meaningful digital asset exposure to evaluate and, where appropriate, adopt modern tools such as AI, digital identity, blockchain analytics, and APIs as part of a risk-based program. At the same time, the report recognizes the cost and capability gap that smaller entities face, as well as the regulatory uncertainty that clouds all institutions’ use of these technologies under the current regulatory and enforcement framework.

While Treasury aims to work with Congress to clarify the BSA/AML rules and expectations in the digital asset sector, and to issue more guidance to that end, for the time being institutions are still largely left to navigate this complex terrain as best they can and balance operational realities against regulatory risk.

Send Print Report

Latest Posts

• CCPA Cybersecurity Audits: Part 1 – The Who, What, and When of CCPA Cyber Audits
• Treasury Outlines Innovation Roadmap for Countering Illicit Finance in Digital Assets
• Senators Introduce REWIRE Act of 2026 to Address Electric Grid Capacity and Planning
• PJM Proposes Expedited Generator Interconnection Track
• Troutman Pepper Locke Weekly Consumer Financial Services Newsletter – March 2026 #2 See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Troutman Pepper Locke

Written by:

Troutman Pepper Locke Contact + Follow Lawrence Cameron + Follow Genna Garver + Follow Peter Jeydel + Follow Michael Lowe + Follow Carlin McCrory + Follow Edward Nogay + Follow Ethan Ostroff + Follow more less

What do you want from legal thought leadership?

Please take our short survey – your perspective helps to shape how firms create relevant, useful content that addresses your needs:

Take the survey now »

Published In:

AML/CFT + Follow Anti-Money Laundering + Follow APIs + Follow Artificial Intelligence + Follow Blockchain + Follow BSA/AML + Follow Decentralized Finance (DeFi) + Follow Digital Assets + Follow Money Laundering + Follow Stablecoins + Follow The GENIUS Act + Follow U.S. Treasury + Follow General Business + Follow Finance & Banking + Follow International Trade + Follow Science, Computers & Technology + Follow Securities + Follow more less

Troutman Pepper Locke on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide