The Financial Action Task Force (FATF) published a targeted report warning that peer-to-peer stablecoin transfers, especially those involving unhosted self-custody wallets, carry elevated risks for sanctions evasion, money laundering, and proliferation financing. The core issue is structural: these transfers can occur outside the perimeter of regulated intermediaries, which reduces the practical reach of standard AML, CFT, and CPF controls.
The report reads like an operational playbook rather than a theoretical critique. It points to stablecoins’ combination of price stability, liquidity, and interoperability as the commercial attributes that also make them attractive to illicit actors, and it explicitly pushes jurisdictions to close gaps created by direct wallet-to-wallet activity.
Why unhosted stablecoin transfers worry FATF
FATF’s framing is direct: P2P transfers between unhosted wallets are higher risk because they occur “without the involvement of a regulated intermediary VASP or FI and therefore fall outside AML/CFT/CPF obligations” (paragraph 48). In practical compliance terms, the problem is not that blockchains are opaque, but that there may be no obliged entity in the flow with a duty to identify users and file reports.
The report also emphasizes that stablecoin design and market plumbing can amplify the challenge. Even though blockchain records are immutable, pseudonymity and frequent address rotation can slow beneficiary identification, and cross-chain wrapping plus interoperability can weaken the effectiveness of issuer-level controls such as freezing or blacklisting in secondary markets.
FATF backs the risk framing with data points intended to quantify scale. The report cites industry analysis indicating illicit crypto addresses received at least $154 billion in 2025, with stablecoins accounting for 84% of illicit transaction volume. It also notes the rapid expansion of stablecoins, describing more than 250 stablecoins in circulation by mid-2025 and market capitalization exceeding $300 billion, which increases the systemic relevance of unregulated P2P transfer channels.
Controls FATF wants jurisdictions to operationalize
FATF’s recommended direction is to harden the perimeter around stablecoin arrangements by fully implementing Recommendation 15 and ensuring issuers, intermediary VASPs, and relevant financial institutions have clear, tailored AML obligations. A key operational theme is to shift control points to where they can actually be enforced, especially at onboarding and redemption. The report points to risk-based measures such as the ability to freeze, burn, or withdraw stablecoins in secondary markets, alongside customer due diligence at redemption as a primary gate for accountability.
The report also calls for stronger smart-contract and governance controls where appropriate, including allow-listing and deny-listing high-risk addresses combined with robust transaction monitoring. It explicitly pushes platforms to strengthen monitoring of unhosted-wallet interactions and apply proportionate mitigation when self-custody wallets touch regulated rails, which is where the compliance obligation can be anchored in practice.
Finally, FATF leans on capability building and coordination: jurisdictions are urged to invest in technical tooling for smart contracts and cross-chain flows and to upgrade cross-border cooperation for timely information exchange and asset-freeze action. The report also encourages structured public-private partnerships so typologies and investigative signals can move faster than the flows they are meant to stop.
FATF is clear that its guidance is non-binding, which means enforceability depends on national adoption. The real implementation risk is now a sequencing issue: once jurisdictions translate these recommendations into law or supervisory rules, issuers and VASPs will face expanded governance, monitoring, and reporting expectations. For compliance and legal teams, the immediate priority is to prepare for that shift by stress-testing controls around unhosted-wallet touchpoints, redemption due diligence, and cross-chain tracing.
