Six Things Compliance Leaders Are Focused On Right Now

TRM Team
Six Things Compliance Leaders Are Focused On Right Now

In June 2026, TRM Labs brought together senior compliance leaders from the world's largest financial institutions and leading crypto-native firms for a day of closed-door sessions in New York City. Conversations spanned the threat landscape, AI adoption, tokenization risk, sanctions evasion, and the state of public-private disruption.

Six priorities cut across every session, all pointing to the same gap: as bad actors move faster and grow more sophisticated, bolstered by AI, how will the compliance frameworks built to contain them keep up?

Key takeaways

  • According to TRM’s 2025 Crypto Crime Report, 95% of sanctioned entity inflows now occur in stablecoins — a shift that has outpaced most compliance program updates.
  • Regulators are moving from activity-based metrics to outcome-based ones, asking whether compliance programs are effective, not just generating suspicious activity reports (SARs).
  • AI amplifies the program it runs on. Deploy it on a well-functioning program and it improves; deploy it on a broken one and it scales the failures.
  • Legacy risk infrastructure at traditional financial institutions isn't built for on-chain speed. Siloed AML, fraud, sanctions, and cybersecurity functions can't keep pace with DeFi transactions that touch all four simultaneously.
  • TRM's Beacon Network reported USD 80 million in disruptions in its first year, with a false positive rate under 10%, demonstrating the value of automated public-private intelligence sharing.
  • Stablecoin issuers face a potentially new obligation: maintaining general secondary market monitoring capabilities, not just responding to specific lawful orders.

{{horizontal-line}}

1. Stablecoins changed the sanctions evasion equation, and most programs haven't caught up

Two years ago, the prevailing view among compliance professionals was that sanctions evasion at scale via crypto was not feasible. Not enough liquidity. Too much volatility. Nation-states under economic pressure couldn't operationalize it. Of course, we now know this isn’t the case.

According to TRM's analysis of sanctioned entity inflows, 95% now occur in stablecoins. Dollar-pegged stablecoins offer the same advantages to illicit actors that make them attractive to everyone else: deep liquidity, cross-border utility, and stability. Nation-states under sustained economic pressure have made digital assets a core part of their financial survival strategy, and their evasion tactics have evolved accordingly.

A typology discussed throughout the Summit involves purchasing discounted stablecoins tied to hack proceeds, executing a series of cross-chain swaps specifically designed to break freeze-and-seize capabilities, then re-entering stablecoins near the off-ramp. Funnel accounts have short lifespans, high throughput, and are never reused. This leaves a footprint on-chain: funds splinter before reaching a final exchange, with intermediate addresses showing no other activity. Point-of-off-ramp sanctions screening alone won't catch this behavior. Compliance teams instead have to trace backward through multiple hops. 

Western-registered exchanges and banks — in the UK, the US, Singapore, Hong Kong, and the UAE — are operating as nodes in front company networks for sanctioned regimes. But jurisdictional distance from a sanctioned country is not a reliable proxy for exposure. Effective stablecoin risk management requires tracing through the full transaction chain, not just screening at the point of deposit.

2. Regulators want outcomes, not activity metrics

The era of "show us your SAR filings and your risk engine" is ending. Regulators increasingly want to know whether compliance programs are actually preventing illicit activity, and whether intelligence is reaching law enforcement in time to make an impact.

The compliance profession does not yet have a shared definition of "effective" — or agreed-upon measurement frameworks to support one. While the volume and complexity of illicit activity is growing, across the board, headcount isn’t. And the metrics most anti-money laundering (AML) programs track — alert volumes, SAR counts, case close rates — don't directly answer the kinds of questions regulators are now asking.

This gap shows up in examinations. One speaker described a pattern seen repeatedly: many firms have risk assessments that accurately identify real risk, but haven't yet mapped what specific controls should flow from that risk assessment. But the message from regulators is clear: stop treating compliance as a documentation exercise and start demonstrating that the program actually works.

The firms making progress on this mandate are moving toward outcome-based KPIs like intelligence shared with law enforcement, interdictions supported, and disruptions attributable to compliance activity.

3. AI amplifies whatever program it's running on

LLM-powered case management systems, automated first-draft SAR narratives, multi-agent pipelines that triage materiality across hundreds of product launches, enhanced due diligence workflows running from a single customer input — all examples of compliance-focused AI applications that teams are considering and building towards.

It’s important to remember that AI amplifies whatever program it's deployed on top of. A well-functioning compliance program can apply AI to discrete, well-defined tasks and see real improvements in quality and throughput. A program with existing gaps that deploys the same AI will inadvertently train it to inherit and scale those same failures. The resounding guidance was “don’t automate a broken program.”

Looking ahead, it was clear that agentic commerce has also started creating new questions for the industry. If an AI agent transacts on behalf of a user, who is the subject of Know Your Customer (KYC) verification? Firms can KYC the customer who deploys an agent, but can’t always identify who deployed the counterparty agent on the other side of a transaction. Current KYC frameworks don't map cleanly to this architecture; the firms that will be ready for agentic commerce are the ones thinking about this challenge now.

4. Legacy risk and monitoring infrastructure wasn't built for on-chain speed

AML, fraud, sanctions, and cybersecurity functions at most large financial institutions operate with separate service-level agreements, alert queues, tooling, and accountability structures — systems designed for a world where a suspicious transaction was batch-processed overnight and reviewed the next morning. But a single decentralized finance (DeFi) transaction can carry simultaneous AML, fraud, sanctions, and cybersecurity dimensions. Siloed risk functions can’t sit on top of decentralized products. The risk practice has to be unified, at first and second line, for digital asset programs to be supervised effectively.

The monitoring tooling gap is just as real. Transaction monitoring tools built for traditional finance process data in batches and can't integrate on-chain data natively alongside fiat data.  This is why tools like TRM Transaction Monitoring are so critical for identifying and flagging risky transactions in real time.

5. Criminal networks are highly coordinated; compliance programs must be, too

Organized illicit networks have built the infrastructure to operate in a highly coordinated way across borders, jurisdictions, and criminal categories. But compliance functions remain largely siloed within firms, and even within risk teams inside those firms.

Threat briefings presented throughout the day demonstrated the convergence of nation-state actors and criminal organizations around the same blockchain-based laundering infrastructure. Russian sanctions evasion infrastructure, Iran-linked entity wallets, and North Korean hack proceeds are directly connected on-chain, with funds moving through the same laundering networks. And scam compound operations, historically concentrated in Southeast Asia, are now establishing sites in Africa and Latin America, with organized crime groups diversifying into fraud as a higher-return, lower-interdiction-risk business line.

The compliance response to this asymmetry is beginning to take shape through more structured public-private intelligence sharing, with TRM’s Beacon Network paving the way. Beacon Network is a real-time intelligence-sharing collective that helps law enforcement, crypto exchanges, DeFi services, and stablecoin issuers stop illicit funds before they are withdrawn. Within its first year of operation, Beacon has supported USD 80 million in disruptions.

Private sector participants in Beacon reported a false positive rate under 10% on inbound alerts, substantially higher confidence than standard probabilistic blockchain analytics signals, and sufficient to act on without waiting for a formal legal process. The Beacon model now covers approximately 70 private sector entities, representing around 75% of centralized exchange volume. One speaker summarized it like this: "The cost of Beacon is your operational overhead. The cost of not being in Beacon is paid for by the victims."

6. Secondary market compliance is the next expectation

Multiple regulatory signals from different directions are converging on a new expectation for stablecoin issuers and others with broad on-chain connectivity: the obligation to monitor assets extends beyond their own customers' wallets.

The GENIUS Act, which passed in 2025, codified the technical requirement — freeze, seize, and burn capabilities for stablecoin issuers. FinCEN's proposed rulemaking on permitted payment stablecoins introduced what practitioners described as a potentially distinct obligation: to maintain general secondary market monitoring capabilities, separate from and in addition to responding to specific lawful orders. It’s a new effectiveness standard that has not yet been widely operationalized.

This also brings up a durability question. Most regulatory progress in this space is currently happening through interpretive letters and agency guidance rather than formal legislation. A letter from one administration can be rescinded overnight by the next. The practitioners who are building for the long term are pushing to get key requirements embedded in formal regulation — not because they want more rules, but because the infrastructure required to comply takes years to build, and they need policy stability to justify the investment.

What it will take to combat the growing threat of AI-enabled crime

Across all of the sessions and discussions held at the Summit, one pressure point stayed consistent: compliance programs designed for an earlier threat environment are being tested by actors who coordinate more effectively than the institutions trying to stop them. 

Criminal enterprises are sharing laundering infrastructure across nation-state and criminal lines, moving funds faster than formal legal processes allow, and scaling operations across jurisdictions that compliance programs largely still treat as separate domains. The firms closing the gap are doing two things. 

  1. Building unified risk infrastructure — on-chain and off-chain, AML and fraud and sanctions, first and second line — rather than treating digital assets as another product channel bolted onto a legacy stack. 
  2. Building relationships with law enforcement, peer institutions, and public sector partners working the same problems

The threat has outpaced the frameworks. But what the Summit made clear is that the practitioners most serious about closing that gap are the ones sprinting to build the new frameworks the industry needs to catch up.

{{horizontal-line}}

Discussions at the TRM Summit were held under Chatham House Rules. Insights in this post reflect themes from those conversations and are not attributed to any individual speaker or organization.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
No items found.