Disclaimer: This page is provided for educational and informational purposes only. It does not constitute legal, financial, or regulatory advice. Regulatory requirements vary by jurisdiction and are subject to change. Consult with qualified legal counsel to determine how specific regulations apply to your business and use case.
Why Stablecoin Transfers Are Regulated
Governments regulate stablecoin activity to achieve two goals:- Prevent financial crime — money laundering, terrorist financing, sanctions evasion, and fraud
- Protect consumers — ensuring that people and businesses operating with stablecoins have a secure, transparent framework to rely on
Regulations by Region
Different jurisdictions have developed their own regulatory frameworks for crypto and stablecoin activity. While the specifics vary, they converge on a common set of principles: licensing, customer verification, transaction monitoring, and reporting. The table below shows some of the most prominent examples — it is not an exhaustive list.| Region | Example Frameworks | Summary |
|---|---|---|
| United States | State Money Transmitter Licenses (MTLs), GENIUS Act | States require money transmitter licenses for businesses facilitating money movement. The GENIUS Act (signed July 2025) establishes the first federal framework specifically for stablecoin issuance, treating issuers as financial institutions under the Bank Secrecy Act. |
| European Union | MiCA (Markets in Crypto-Assets), PSD2 | MiCA provides a comprehensive EU-wide framework for crypto-asset service providers (CASPs), including licensing, reserve requirements, and consumer protections. PSD2 applies when initiating or processing fiat transactions. |
| Other jurisdictions | UK (FCA oversight, EMI licensing), Singapore (MAS), Hong Kong (SFC), Dubai (VARA), and others | Many countries have introduced or are developing crypto-specific licensing requirements. Even where no crypto-specific regulation exists, general AML/CFT obligations and financial licensing requirements typically still apply. |
Crossmint is directly licensed and operates with licensed partners to provide coverage across 150+ jurisdictions. For the most up-to-date list of supported countries, see Supported Geographies.
Common Compliance Requirements
Regardless of jurisdiction, regulated stablecoin activity typically involves a common set of controls. Below are some of the most common requirements — though the specifics depend on your jurisdiction, use case, and applicable regulatory framework.KYC and KYB (Know Your Customer / Know Your Business)
Before transferring value to or on behalf of someone, you generally need to verify their identity. For individuals, this is KYC — collecting and verifying name, date of birth, address, and government-issued identification. For businesses, this is KYB — verifying the legal entity, its beneficial owners, and its registration details. The level of verification required depends on the use case. Low-risk activities (for example, small transfers to a verified user’s own wallet) may require lighter checks, while higher-risk activities (for example, large disbursements to third parties) typically require more thorough verification.AML Program (Anti-Money Laundering)
An AML program goes beyond one-time identity checks. It typically includes:- Transaction monitoring — continuously analyzing transfer patterns to detect suspicious activity (for example, unusually large or frequent transfers, structuring to avoid thresholds)
- Suspicious Activity Reporting (SARs) — filing reports with regulators when suspicious patterns are detected
- Ongoing due diligence — periodically requesting updated information from users, especially when their activity profile changes or when risk indicators emerge
Sanctions Screening
Transfers generally need to be checked against global sanctions lists — including OFAC (US), EU consolidated lists, and UN sanctions. This applies to both:- The parties involved — verifying that neither the sender nor the recipient is a sanctioned individual or entity
- On-chain addresses — screening wallet addresses against known sanctioned addresses and addresses associated with illicit activity. This is unique to crypto and requires specialized blockchain analytics tooling.
Travel Rule
The Travel Rule is a crypto-specific regulation (derived from FATF Recommendation 16) that requires virtual asset service providers (VASPs) to transmit originator and beneficiary information alongside transfers above certain thresholds. It is already enforced in the EU, US, Singapore, and an expanding list of jurisdictions. In practice, this means:- Collecting sender information (name, address, account identifier) for each transfer
- Collecting and verifying recipient information before processing
- Transmitting this data to the receiving institution through a secure, compliant channel
- Maintaining records of both parties for a minimum of five years
Safeguarding and Fund Protection
When converting between fiat and crypto — or holding fiat on behalf of customers during a conversion — regulations typically require that customer funds are safeguarded. This means they must be held in segregated accounts, separate from operating funds, and protected in the event of insolvency.When Do These Rules Apply?
Not every movement or use of stablecoins triggers regulatory requirements. The rules apply based on what kind of activity you are performing.Regulated Activities
1. On-ramping and off-ramping Converting fiat to stablecoins (or vice versa) on behalf of your customers. If your platform takes in fiat from a customer and delivers stablecoins, or takes stablecoins and delivers fiat, that is a regulated conversion. This typically triggers the full range of compliance requirements — KYC/KYB, AML monitoring, sanctions screening, and Travel Rule compliance. 2. Stablecoin payouts Disbursing stablecoins to external parties — whether you are paying out customer funds or sending from your own company balance to customers, contractors, suppliers, or other third parties. While payouts may not always carry the same full scope of requirements as an on/off-ramp (for example, KYC requirements may differ), they still require significant compliance checks including sanctions screening, AML monitoring, and identity verification of the recipient. In short: if a fiat-to-crypto conversion occurs, or if stablecoins are being sent to an external party, the activity is almost certainly regulated.Typically Outside of Regulatory Scope
- A customer holding stablecoins in their own self-custodial wallet and choosing independently to send to others. If the user controls their own keys and initiates transfers on their own (not through your platform’s payment flow), this is generally outside your compliance scope.
- Internal transfers between your own wallets (for example, moving stablecoins between two company wallets you control). No third-party interaction means no customer-facing compliance obligation, though your own internal controls and record-keeping still apply.
How Crossmint Helps
You do not need to obtain licenses, build an AML program, or implement any of the compliance controls described above. Crossmint acts as the regulated party and handles all of this on your behalf — you just call APIs. Read the Solution Architecture page to see exactly how the responsibilities are split and how to set up your integration.See Also
Solution Architecture
How Crossmint handles compliance on your behalf and how to architect your integration
Users and Compliance
Register identities and verify users through the Crossmint APIs