Crypto rules are shifting fast. Rising audit and compliance costs could reshape the industry—find out what CertiK says and what it means. | Credit: CCN.
Share
Key Takeaways
Crypto regulators are now focused less on token labels and more on AML, sanctions, and customer fund protections.
Stablecoin issuers face clearer rules, but those rules vary by region and may raise the cost of going global.
Smart contract audits are becoming a basic requirement in many major crypto markets.
Smaller crypto firms may struggle as the costs of licenses, audits, monitoring tools, and local compliance rise.
CertiK’s latest Skynet Intelligence Report argues that crypto regulation has shifted from a focus on whether tokens are securities to a new set of questions: can crypto firms prove they know who uses their platforms, where money moves, and how customer funds are protected?
AML Is Now Crypto’s Biggest Enforcement Risk
CertiK’s report says anti-money laundering (AML) fines and settlements hit $900 million in the first half of 2025.
Sponsored
Disclosure
We sometimes use affiliate links in our content, when clicking on those we might receive a commission at no extra cost to you. By using this website you agree to our terms and conditions and privacy policy.
At the same time, the Securities and Exchange Commission (SEC) eased off on crypto enforcement compared to 2024, with fewer cases and lower total penalties.
A recent OKX case is a prime example of such pressures.
The United States Department of Justice (DOJ) said crypto exchange OKX pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay more than $504 million in penalties.
Fellow exchange KuCoin also agreed to pay over $297 million after pleading guilty in a US crypto case.
All this to say, regulators are now looking at the behind-the-scenes just as much as they are the actual product.
This could mean customer checks, wallet screens, sanctions controls, and more. A company may have a popular app, but it will face penalties if it can’t explain the entire backend.
Stablecoins Are Next
Stablecoins appear to be the center of CertiK’s risk focus, as they look simple but operate across banking, payments, FX, and crypto rails.
For example, the US now has the GENIUS Act, which created the first federal stablecoin framework and requires 100% reserve backing with liquid assets such as dollars or short-term Treasuries.
Stablecoin payment volume has doubled over time, as also represented by CertiK. Source: @Stablecoin on X
As for the EU, there’s MiCA, which provides a single framework for crypto firms and allows passporting once a firm is authorized in one member state.
Hong Kong, Singapore, the UAW, Japan, and Brazil have also moved toward reserve-backed, licensed stablecoin models, according to CertiK.
Basically, a stablecoin issuer may meet US reserve rules but still face different capital or custody rules in Brazil, Hong Kong, or the UAE, meaning a “global stablecoin” would require multiple compliance programs running in parallel.
The 9 Markets To Watch
Certik’s report highlights major developments in nine of the biggest markets.
US stablecoin oversight now exists under a federal framework, while AML enforcement remains a serious risk through the DOJ, FinCEN, and banking regulators.
In the European Union, MiCA is clearer, but DORA adds tougher technology and resilience rules for financial firms, including crypto-asset service providers.
Hong Kong may be one of the strictest markets for smart contract checks. CertiK says stablecoin issuers need independent smart contract audits, while trading platforms must assess smart contract-based tokens before listing them.
Singapore uses a licensing model under the Monetary Authority of Singapore and requires independent technology and cybersecurity assessments.
The UAE has several rulebooks across VARA, ADGM, DFSA, and the central bank, with strict rules for stablecoins and annual smart contract audits in Dubai.
Japan keeps stablecoin issuance close to regulated finance by limiting issuers to banks, trust companies, and fund transfer operators.
CertiK smart contract regulations around the world. Source: CertiK Skynet Intelligence Report
Brazil is building one of Latin America’s toughest frameworks, with central bank authorization, capital requirements, and stablecoin flows treated as foreign exchange transactions.
India still lacks a full VASP licensing path, but it has strict AML, tax, reporting, and offshore platform enforcement.
Turkey has moved toward a full licensing regime, with the CMB, MASAK, and TÜBİTAK all playing roles in market, AML, and technical oversight.
Together, these markets all show that crypto is becoming more like traditional finance, only without a global set of rules. Firms that want to operate internationally now have to abide by various sets of rules per region.
Security Audits Are Becoming a Cost of Doing Business
CertiK’s most important point, though, is about security. Smart contract audits used to be a sign of trust, but now they are becoming a legal or semi-legal requirement in major crypto markets.
The report states that 80% of the top 100 exploited protocols had never undergone a formal security audit before the breach, and that the unaudited projects accounted for 89.2% of the total value lost.
Essentially, code that holds a user’s funds should be run by an independent third-party.
However, CertiK also warns that code audits alone do not cover every threat.
In 2025, infrastructure-level attacks made up the bulk of losses by value. The $1.5 billion Bybit breach is a clear example, with the FBI linking it to North Korean actors. It highlights why regulators are no longer just focusing on smart contract code, but are also digging into the underlying infrastructure behind these projects.
The Future of Regulations and Crypto Firms
The biggest regulatory risk nowadays appears to be understanding how a market’s regulations will shape a project’s development.
Serious crypto firms need local licenses, AML monitoring, sanctions screening, reserve controls, cybersecurity testing, proof-of-reserves work, and incident plans. Banks looking to issue crypto assets will have their own rules to follow, such as the Basel Committee’s standard of separating tokenized traditional assets and stablecoins from riskier, unbacked assets like Bitcoin or Ethereum.
Unfortunately, these regulations could favor bigger firms and exchanges that can spread compliance costs amongst more users. Smaller firms might have better products but may struggle to pay for legal teams, audits, licenses, and monitoring tools.
But either way, CertiK’s report notes that crypto regulation is becoming more operational, more local, and more security-focused. Great products must now be supplemented by proper code audits, fund protections, and general regulations.
Max Moeller is a Chicago‑based writer and video editor passionate about games, tech, and crypto. Whether it’s crafting clear, insightful articles or piecing together engaging video retrospectives, he’s driven by curiosity and takes pride in keeping things human. Since 2017, Max has been published in a variety of notable crypto magazines.
Easy 
