BANKING

Uncover Hidden Risks from Crypto

Stay ahead of the rapidly evolving digital asset landscape with blockchain intelligence and expert guidance to build your crypto compliance program

request a demo

OUR CUSTOMERS

“If we didn't have TRM by our side, it would take a lot of manual effort on our end to capture the information that’s readily available within TRM.”

Visa representative

Onboard new customers with confidence

Conduct due diligence and source of wealth verification for prospective institutional and individual clients that have a crypto nexus

Expand risk assessments beyond exchanges

Uncover your risk exposure to entities across the crypto ecosystem, especially high risk facilitators like OTC desks, payment processors, and cash-to-crypto

Navigate industry changes with expert partners

Empower teams with self-paced learning pathways and insights into industry best practices to uplevel your crypto compliance program, no matter your starting point

Leverage tailored VASP insights

Accelerate customer due diligence with custom risk assessments on digital asset entities

Regulatory Action Tracker

Recent crypto-linked regulatory actions available in the public domain

Title
Amount
Date
Summary
Key Takeaways
In the Matter of Block, Inc.
$
40,000,000
N/A
April 10, 2025
NYDFS issued a consent order against Block, Inc., the parent company of Cash App, citing significant compliance failures in its anti-money laundering (AML) and virtual currency operations. Block agreed to pay a $40 million penalty and to retain an independent monitor to oversee its remediation efforts.
The DFS found that Block, Inc. failed to implement adequate risk-based thresholds, specifically calling out how they configured their blockchain analytic tools. For instance they cited that unless exposure to terrorism-linked wallets exceeded 10%, accounts would not be blocked and that any amount of exposure should have been cause for action. The company’s KYC and customer due diligence controls were also deficient — Block lacked a formal KYC refresh process and allowed users to open multiple restricted accounts using different credentials, enabling a Russian criminal network to operate over 8,300 fraudulent accounts. Additionally, Block suffered from massive SAR filing delays, with alert backlogs growing to over 169,000 and reports averaging 129 days to file, all while misclassifying high-risk mixer transactions as medium risk, exposing the platform to sustained illicit activity.
BaFin prohibits new business with USDe token
$
N/A
March 21, 2025
Germany’s financial regulator BaFin prohibited Ethena GmbH from issuing or distributing its USDe token to German customers, citing unauthorized e-money issuance under the EU’s Markets in Crypto-Assets Regulation (MiCAR). BaFin also froze Ethena’s assets in Germany and warned consumers about the lack of regulatory oversight for the stablecoin product. This action underscores the increased enforcement activity under MiCAR, especially targeting stablecoins marketed or distributed without proper licensing in the EU.
Compliance staff should note that under MiCAR, issuing or distributing stablecoins like USDe without proper authorization can trigger immediate enforcement actions — including asset freezes and sales bans — even if the issuer is based outside the EU. Firms marketing to EU residents must ensure their cryptoassets qualify under MiCAR’s e-money or asset-referenced token categories and obtain the necessary licensing in advance. This case highlights the urgency of conducting a regulatory perimeter assessment before launching or promoting tokenized products in EU jurisdictions.
Financial Industry Regulatory Authority Letter Of Acceptance, Waiver, And Consent - Robinhodd Financial LLC
$
26,000,000
N/A
March 7, 2025
FINRA sanctioned Robinhood Financial and Robinhood Securities with a $26 million fine and over $3.75 million in restitution for widespread supervisory failures spanning nearly a decade. Robinhood misled customers by "collaring" market orders — converting them to limit orders — without proper disclosure, leading to millions in missed executions. The firm also lacked effective AML and KYC systems, allowing fraudulent account openings and failing to monitor $300 million in third-party transfers. Robinhood’s clearing system failed repeatedly during market surges, including a spike tied to Bitcoin trading, and the firm improperly blocked 116,000 account transfers — some due to customers holding crypto at affiliate Robinhood Crypto LLC, violating FINRA rules.
Robinhood’s AML program lacked controls to detect prearranged trading in low-priced securities and suspicious options activity; firms should ensure their surveillance tools cover these high-risk behaviors comprehensively. The failure to monitor $300 million in third-party transfers and to flag ACH name mismatches highlights the need for robust transaction monitoring that incorporates identity verification signals. Robinhood did not have systems to detect account takeovers — an essential capability given FinCEN’s long-standing advisories — underscoring the importance of integrating cyber threat detection into AML protocols. Staffing was severely inadequate, with just two analysts handling nearly one million daily trades; firms must invest in AML teams that scale with volume and use case complexity. Surveillance reports were discontinued due to technical limitations, suggesting a need for scalable infrastructure and regular audit of monitoring effectiveness. Lastly, Robinhood’s CIP failed to reject accounts with identity mismatches; financial institutions should implement strong identity verification controls and conduct periodic reviews to ensure effectiveness.

Request a demo

Ask about TRM solutions or anything else. Our blockchain intelligence experts are standing by.

Subscribe to our latest insights
You can unsubscribe at any time. Read our Privacy Policy.