Anti-Money Laundering enforcement has overtaken securities violations as the leading regulatory threat facing cryptocurrency companies, according to a new report by blockchain security auditor CertiK. The United States Department of Justice and Financial Crimes Enforcement Network imposed more than $1 billion in AML-related fines on crypto firms during the first half of 2025, marking a decisive shift in the regulatory landscape.

SEC Enforcement Collapses as DOJ Steps In

The shift marks a sharp break from the Securities and Exchange Commission-led enforcement cycle that defined earlier years of crypto regulation. SEC crypto-specific penalties collapsed 97% in penalty value year over year, dropping from $4.9 billion in 2024 to $142 million in 2025. Transaction monitoring and licensing failures are now drawing penalties that rival or exceed many earlier crypto securities cases.

The DOJ's February 2025 settlement with OKX reached $504 million, while KuCoin paid $297 million in January 2025, both for operating unlicensed money transmitting businesses and Bank Secrecy Act violations. Together, these two cases alone account for the bulk of the $1.06 billion in AML-related fines recorded in the first half of the year.

A Global Enforcement Pivot

The enforcement pivot is not confined to the United States. European AML fines surged 767% over the same period, while Asia-Pacific regulators increasingly favour licence revocations and business improvement orders over monetary penalties. Sanctions-related crypto volume grew over 400% year over year in 2025, driven primarily by Russia-linked networks and state-aligned stablecoin infrastructure.

The surge in AML enforcement highlights regulators' growing focus on compliance controls and financial surveillance, with penalties increasingly targeting operational failures rather than disclosure-related violations. The shift reflects both a change in US administration policy and a broader reassessment of the SEC's jurisdictional approach to digital assets.

Basel Rules Create a Structural Divide

The enforcement pivot coincides with broader global regulatory trends. Stablecoin regulations are moving from design to implementation across major jurisdictions, with binding frameworks now operational from the GENIUS Act in the United States to the Markets in Crypto-Assets regime in Europe.

The Basel Committee's cryptoasset prudential standard, scheduled for implementation from January 1, 2026, subject to local adoption, has created what CertiK describes as a structural divide for institutional adoption. Group 2 assets, including Bitcoin and Ether, face near-100% capital charges, making them economically difficult for banks to hold on the balance sheet. Group 1 assets, such as tokenised traditional instruments and qualifying stablecoins, receive standard risk weighting.

Smart Contract Audits Become a Compliance Expectation

Smart contract security assessments are increasingly being folded into licensing and compliance expectations across major markets, with security audits moving from voluntary best practice to statutory or quasi-statutory requirement within two years, according to CertiK.

CertiK's analysis of the top 100 exploited protocols found that 80% had never undergone a formal security audit before a breach, and those unaudited protocols accounted for 89.2% of total value lost. Infrastructure compromises such as private key theft and access control failures drove 76% of 2025 losses by value, as the threat landscape moved beyond code exploits.

For crypto firms operating across multiple jurisdictions, the message from regulators is increasingly clear: compliance infrastructure is no longer optional. The era of enforcement defined by token classification disputes appears to be giving way to one focused on financial crime controls, operational resilience, and institutional-grade security standards.