Web3 security provider CertiK has released a major report on crypto asset regulation. The report charts the evolution of global regulatory standards and assesses the impact this has had on crypto businesses in providing the oversight for them to operate at scale. Major crypto jurisdictions are pinpointed in the report, including the US, EU, Hong Kong, Singapore, UAE, Japan, Brazil, and Turkey, with a particular focus on anti-money laundering (AML) compliance.
According to CertiK’s State of Digital Asset Regulations report, AML-related penalties exceeded $1 billion in early 2025, with individual cases reaching hundreds of millions. Regulators are now primarily focused on transaction monitoring and reporting infrastructure rather than debating whether tokens are securities, which shows the progress that the industry has made in integrating with mainstream finance.
No examination of digital assets would be complete without stablecoins, and CertiK gets straight down to business, detailing the stablecoin projects that are moving from design to implementation. The era of sandboxes and pilots is giving way to one of shipping code and deepening liquidity as central banks enter the fray.
The legal challenges associated with stablecoin issuance have largely been surmounted, CertiK notes, but there’s still a cost burden to face in ensuring global compliance. Meanwhile, when it comes to securities, CertiK reports that “SEC crypto-specific enforcement fell 60% in volume and 97% in penalty value year over year between 2024 and 2025.”
This doesn’t mean that enforcement activity dropped, however; instead, the DOJ and FinCEN have stepped up, resulting in over $1.06 billion in AML-related fines and settlements recorded in H1 2025 alone. These included the OKX settlement of $504 million and KuCoin’s $297 million penalty.
With global regulators now fully up to speed on digital assets, lawmakers are well educated on how crypto works and have a deep understanding of how they can facilitate compliant issuance and access. One component they’re now frequently factoring into their compliance requirements, CertiK highlights, is smart contract assessment.
Once a best practice, these tests are now mandatory in seven major jurisdictions. The requirements extend beyond code to encompass infrastructure security and penetration testing. The logic is hard to fault, since there’s compelling empirical evidence that the majority of major exploits occurred in unaudited systems, and token issuers who pass this stipulation can wear the accreditation as a badge of pride.
As a Web3 security specialist, CertiK naturally has a lot to say about the need for code audits, pointing out that of the top 100 protocols exploited, 80% had never undergone a formal security audit. Almost 90% of all value lost was through these untested protocols, demonstrating that while security audits can’t guarantee impregnability, they’re a vital tool in fortifying blockchain systems against determined attackers.
One of the motifs running through CertiK’s digital asset report is the way in which regulators are now demanding the same standards of scrutiny for DeFi as are applied to traditional finance. This is particularly true of custody, both for centralized and decentralized blockchain businesses.
“Crypto exchanges, custodians, and stablecoin issuers now operate under prudential and operational resilience regimes comparable to those applied to traditional financial market infrastructure,” observes CertiK. Given the global nature of crypto, the challenge for operators is ensuring that they’re compliant in every jurisdiction where their services can be accessed.
The EU’s MiCA, which makes use of passportable licenses, is arguably the most integrated and thus easiest regime to adopt across the European continent, whereas the fragmented multi-agency model that defines the US is more challenging from a compliance perspective, since what’s legal in one state may not be explicitly permitted in another.
Crypto businesses can no longer claim ignorance of compliance requirements, and every reputable company entering the industry must ensure that its operations are legally sound before launching. The free-and-easy “Wild West” days are long gone, having been replaced by a region-by-region regulatory regime that, while onerous, is at least unambiguous.
But even when crypto firms are endeavoring to do everything by the book, there are still pitfalls to watch out for, particularly when it comes to transaction monitoring and AML. Indeed, CertiK observes that while penalties for digital asset non-compliance dropped by 18% to $3.8 billion in 2025, AML fines ramped up. Regulators are spending less time on securities penalties and have instead changed tack, making sanctions and transaction monitoring their focus.
Closing out its exhaustive digital asset regulatory report, CertiK circles back to stablecoins, emphasizing that issuers are now expected to maintain the same custody and reserve management rules as banks, which is, to all intents and purposes, what they are, given the hundreds of billions of dollars in value they’re responsible for.
Finally, CertiK reiterates the need for institutions involved in the digital asset space to enhance their AML screening, particularly given the sizable fines routinely handed down to companies found to have failed in their reporting obligations for sanctions checking and suspicious on-chain activity. The DOJ and FinCEN, in particular, are rigorously enforcing these obligations, and institutions are thus expected to be proactive in their AML duties.
Overall, the CertiK report provides compelling evidence that digital assets are being rapidly integrated into the global financial system. And in most cases, this is occurring by taking existing regulatory principles concerning compliance and operational resilience and applying them to the Web3 world, delivering greater clarity for digital asset issuers and users alike.