Warning

Please be vigilant about TRM impersonation scams, especially those claiming to assist with fund recovery. More info

Solutions
Products
RESOURCES
Customers
Company
Request a demo
en
Search
Search
Insights
September 9, 2025

Mitigating Financial Crime Risks: Key Insights from the Wolfsberg Guidance on Banking Services for Stablecoin Issuers

TRM BlogInsightsInsights
Mitigating Financial Crime Risks: Key Insights from the Wolfsberg Guidance on Banking Services for Stablecoin Issuers

On September 4, 2025, the Wolfsberg Group — an association of twelve global banks that publish guidance for financial crime risk management — released its Guidance on the Provision of Banking Services to Fiat-backed Stablecoin Issuers. The guidance is significant, as it applies both long-standing financial crime principles — as well as some novel approaches — to a rapidly developing part of the digital asset ecosystem. 

The guidance begins by providing a foundation of the primary types of relationships that financial institutions (FIs) may establish with stablecoin issuers, and discusses best practices and controls for monitoring the risks associated with each offering. 

So, what are each of these offerings, and what are the risks associated with each?

Relationship types between FIs and stablecoin issuers

1. Operating accounts

Operating accounts are primarily used by stablecoin issuers — as with other FIs — to manage their own expenses, including salaries, vendor payments, and inter-company treasury management. Because these accounts do not typically process client funds, they are generally considered lower risk from a financial crime perspective. The principal concern for FIs arises where operating accounts are misused for client-related transactions — such as minting or redemption activities — which signals weaknesses in the issuer’s governance framework, or a purposeful circumvention of an FI’s risk management controls.

A more elevated financial crime risk could stem from an issuer’s facilitation in financial crime activity itself. If an issuer were to knowingly facilitate money laundering, terrorist financing, or sanctions evasion through its stablecoin-related activities, then any financial institution providing operating accounts to such an issuer could find itself exposed to potential reputational or regulatory risks.

Effective monitoring therefore requires FIs to confirm that operating accounts are used solely for permissible, intended operational purposes, with prompt escalation where deviations or suspicious activity are identified. This is identical to the existing, time-tested transaction monitoring approaches deployed by the vast majority of FIs in all other client relationships today.

2. Reserve accounts

Reserve accounts hold the assets that back an issuer’s obligation to redeem stablecoins at par value. These accounts are distinct from operating and settlement accounts in that they safeguard reserves rather than process day-to-day transactions. Activity in these account types should be limited, usually involving movements between reserve and settlement accounts or investments in permitted reserve assets (where applicable) such as government securities. 

While reserve accounts are often perceived as higher risk than operating accounts — owing to their direct link to client funds and their centrality to a stablecoin’s credibility — the risk profile depends on the breadth of the relationship. Where financial institutions also provide settlement accounts, they may have greater visibility into flows, thereby improving oversight.

Oversight should focus on (1) validating that reserve management practices align with the issuer’s stated policies and regulatory requirements, and (2) identifying anomalies that could indicate mismanagement or misrepresentation of reserves. For any FI already providing correspondent banking-style services to traditional financial institutions, this will feel similar to validating that respondent FIs are complying with their own safeguarding and segregation of assets requirements.

3. Settlement accounts

Settlement accounts form the bridge between fiat and on-chain activity. When stablecoins are issued, fiat is credited to a settlement account before being transferred into the reserves. When redeemed, the process reverses — with fiat released to clients via the same account.

These accounts are therefore more active than reserve accounts and handle a broader range of counterparties — making them the critical channel through which client funds flow into and out of the traditional financial system. As such, they’re typically seen to carry the highest level of financial crime risk exposure among the three account types. 

Financial institutions must therefore apply robust issuer diligence, transaction monitoring, payment screening, and periodic activity reviews — calibrated to the issuer’s overall risk profile — to ensure settlement flows remain consistent with expected activity and do not reveal suspicious or prohibited behavior. The guidance notes that the FI-deployed controls should act as an overlay to the controls enacted by the issuer themselves. The outcomes of the FI’s overlay controls — such as emerging trends in suspicious activity report (SAR) reporting or disproportionate exposure to specific typologies — should feed back into inquiries made of the issuer in the event of identified gaps, and inform control enhancements made by the issuer to prevent future exposure.

On-chain monitoring

The Wolfsberg Group highlights that one of the most distinctive challenges for financial institutions servicing stablecoin issuers is deciding the extent to which they should engage in monitoring on-chain activity

Given the transparent and expansive nature of public blockchains, attempting to follow a token after issuance “hop by hop” until it becomes connected with some risk can quickly become attenuated or misleading (particularly without appropriate insight from blockchain intelligence tools), impractical at scale, and inconsistent with a risk-based approach. 

In the published guidance, the Wolfsberg Group instead suggests that effective oversight should be framed around a simpler pair of questions:

  • Is the issuer operating within its stated risk appetite?
  • Am I comfortable with that risk appetite?

In practice, this requires the issuer to clearly define and communicate its risk appetite to the FI, along with the measures it uses to ensure compliance. This is already standard best practice for FIs onboarding other FIs in correspondent banking or banking-as-a-service relationships, and will likely be part of many FIs’ existing frameworks. The FI’s role is then to assess whether that appetite is acceptable in the first instance (typically, at onboarding) — and thereafter, to monitor with varying degrees of scrutiny. The extent of those monitoring controls would then be dictated by the issuer’s risk profile, nature or extent of the relationship, and the effectiveness of the issuer’s controls.

To supplement on-chain monitoring, FIs will often restrict the types of transactions that are supported for an issuer, which may include limiting permissible activity to the servicing of a specific, low-risk subset of the issuer’s customers. 

  • For example, an issuer may restrict minting to large, public market-listed corporates who act as distributors of the asset. In this scenario, more limited on-chain oversight may be necessary to become comfortable with the associated financial crime risk. 
  • In other cases, an FI might limit the issuer’s product/service access, deciding to exclusively provide an operating account to the issuer. Here, there is an argument to be made that no dedicated on-chain monitoring may be necessary
  • In higher-risk cases (e.g. when an issuer provides minting and burning services to smaller digital asset service providers in unregulated or high-risk jurisdictions), more extensive on-chain monitoring will likely be warranted by both the issuer and by the FI.
  • Between these extremes lies a middle ground, where issuers service regulated entities in lower-risk jurisdictions, supported by proportionate levels of issuer-led monitoring and consolidated oversight by the financial institution — similar to what is seen in the long-established correspondent banking oversight model.

The Wolfsberg Guidance provides the example of a higher-risk relationship with a “smaller DASP in an unregulated jurisdiction” or “high-risk third country.” The issuer may justify this relationship as being within appetite, based on enacting enhanced on-chain monitoring controls to manage the financial crime risk posed. For instance, the issuer may commit to reducing the client’s monthly transaction limits to enhance scrutiny, or increase the frequency of full account activity reviews (AAR) from quarterly to monthly. The FI should then — once controls are agreed and established — sample the effectiveness of these controls in practice.

Conclusion

The Wolfsberg Guidance offers a timely and pragmatic framework for financial institutions looking to identify and manage the financial crime risks inherent in relationships with stablecoin issuers. The guidance demonstrates that these risks — while relatively new — are not fundamentally different in nature from those already encountered by many in the provision of traditional financial services. 

In essence, what is required is the careful application of established, risk-based principles to a new and evolving context.

On-chain monitoring introduces an additional tool in the arsenal of those building stablecoin-focused financial crime frameworks. Here, the Wolfsberg Group’s message is clear: financial institutions should anchor their oversight to the issuer’s declared risk appetite, and the robustness of the controls that support their adherence to it. This approach mirrors established practices in correspondent banking, where confidence in counterparties’ governance and monitoring frameworks is central to effective risk mitigation.

For compliance teams, the key insight is that these relationships can be managed responsibly with the appropriate tooling and talent. By aligning oversight with the Wolfsberg principles — ensuring clear governance; robust reserve validation; effective monitoring of off-chain settlement flows; and thoughtful, proportionate integration of on-chain insights — financial institutions can support innovation in digital assets without compromising their financial crime risk frameworks. In doing so, they not only protect themselves from exposure, but also contribute to the safe and sustainable growth of the stablecoin ecosystem.

How can TRM help build controls for banks servicing stablecoin issuers?

  • Custom entity monitoring: Allowing FIs to monitor a custom set of wallet addresses that may correspond to accounts for issuer settlement activity (i.e. connecting on and off-ramps into a holistic monitoring function) and receive periodic updates on changes in activity and risk exposure.
  • Real-time transaction monitoring: TRM Transaction Monitoring can alert on higher risk transactions — such as high-value stablecoin deposits for redemption purposes — which allows financial institutions to review relevant on-chain activity prior to fulfilment of the redemption request.
  • Block Explorer for issuer due diligence: Use TRM’s Block Explorer to review the risk profile, including both on-chain and off-chain data, of prospects and existing clients.
  • Compliance advisory: TRM’s in-house team of subject matter experts are at our clients’ disposal for building, and maintaining, effective financial crime frameworks for FIs working with stablecoin issuers.
This is some text inside of a div block.
TRM Team

Related posts

arrow right
BLOG
September 9, 2025

Become a GENIUS: Key Insights from TRM's Webinar on Stablecoin Risk and Compliance

arrow right
White Paper
August 27, 2025

Banking on Stablecoins

No posts to show
No posts to show
arrow right
GUIDE
May 29, 2025

The Complete Crypto Compliance Program Guide for Financial Institutions

No posts to show

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe and stay up to date with our insights
No items found.
3D illustration of a blue magnifying glass hovering over a digital fingerprint on a dark background, symbolizing crypto investigations or forensic analysis.
FLIP BOOK
Learn more about common crypto-enabled scam typologies in our "Investigating Crypto Scams" flip book
Get your copy →
Illustration of a stablecoin represented by a dollar symbol surrounded by icons for growth, risk alert, user profiles, and a security shield with a target, connected through a network of hexagons — symbolizing the interconnected risks and compliance considerations in digital asset ecosystems.
USE CASE
Learn how TRM helps compliance teams monitor exposure, detect threats, and safeguard their organizations
TRM for stablecoin risk management →
A worn silver wrench tool on a brown-red background, as a metaphor for violent crime
BLOG
Learn about the recent rise of "wrench attacks" and crypto-related violent crime
Read the post →
Illustration of a financial institution icon and a compliance document with checkboxes, symbolizing regulatory due diligence and financial compliance in the digital asset ecosystem.
GUIDE
Learn best practices for evaluating the legal, operational, and financial integrity of crypto entities before engagement
Get the guide →
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT