Crypto firms face the evolving landscape of anti-money-laundering expectations shaped by traditional regulators. The New York Department of Financial Services (NYDFS) recently delivered a landmark enforcement action targeting Paxos Trust Company over significant failures in its anti-money-laundering (AML) and due diligence controls. This case highlights the escalating regulatory scrutiny on stablecoin issuers, underscores the exacting standards imposed by state regulators on crypto service providers, and offers stark lessons for risk professionals, compliance officers, and regulators worldwide.
Table of Contents
Paxos AML enforcement exposed systemic risks in stablecoin issuance
The NYDFS announced that Paxos would pay a $26.5 million civil penalty and must invest an additional $22 million into upgrading its compliance framework, totaling a $48.5 million settlement. The regulator’s investigation uncovered Paxos’s failure to perform adequate due diligence on former partner Binance, alongside fundamental weaknesses in its AML program and transaction monitoring systems.
The probe revealed that for more than five years, transactions on Binance’s platform involving billions of dollars passed through without effective controls to identify illicit actors. These included users linked to darknet marketplaces, Ponzi schemes, and sanctioned entities. Paxos lacked the tools to flag such high-risk transactions in real time, failed to escalate alerts to senior leadership or its board, and relied heavily on manual, retrospective monitoring processes that were ill-suited to timely detection.
As a limited purpose trust company authorized to engage in virtual currency business, Paxos was bound by its charter to conduct robust ongoing due diligence over its partners. The inability to do so constituted a breach of regulatory expectations and exposed systemic governance gaps in its operations.
Crypto compliance failure signals new expectations for virtual asset firms
This enforcement against Paxos marks a shift in how regulators are applying traditional financial crime controls to the crypto sector. Stablecoin issuers and other virtual asset firms are now expected to implement AML frameworks that match the sophistication and depth required of established financial institutions. Regulators are no longer treating crypto actors as experimental innovators but as full participants in the financial system.
Paxos’s deficiencies included weak Know-Your-Customer (KYC) processes, outdated monitoring architecture, and poor escalation protocols. These weaknesses would be unacceptable for a money services business or bank operating under the Bank Secrecy Act. The case makes clear that equivalent rigour is now expected of stablecoin issuers and that these obligations extend beyond direct customer relationships to include oversight of counterparties and business partners.
The lack of effective third-party risk management proved especially damaging. Paxos continued to work with a partner that had significant exposure to high-risk actors, without implementing the enhanced controls necessary to mitigate such risk. The lesson is unmistakable: oversight of business partners is a non-negotiable component of AML compliance in the crypto era.
Rebuilding trust through compliance overhaul
As part of the settlement, Paxos must allocate $22 million to remediate its AML and compliance deficiencies. The remediation program will likely involve the deployment of automated real-time transaction monitoring tools, the enhancement of KYC and customer due diligence protocols, stronger escalation procedures to senior leadership, and expanded oversight at the board level.
The company has stated that these deficiencies were historical, that they have already been addressed, and that no consumer funds were affected. The wind-down of the BUSD stablecoin issuance in 2023 marked the end of its partnership with Binance and the beginning of a pivot toward more tightly regulated operations.
By agreeing to invest heavily in compliance enhancements, Paxos is signaling its intention to regain regulatory trust. The industry will be watching to see whether these measures result in measurable improvements in governance, operational resilience, and the ability to detect and prevent illicit activity at scale.
AML compliance in the crypto era requires holistic governance
The Paxos enforcement demonstrates that AML compliance for crypto cannot be reactive, siloed, or manual. Firms engaged in stablecoin issuance or partnerships with exchanges should take immediate steps to ensure they meet the following standards:
- Deployment of automated, real-time transaction monitoring capable of flagging complex patterns and anomalies.
- Risk-based KYC and customer due diligence systems tailored to the profile of each customer or counterparty.
- Governance structures that guarantee prompt escalation of red flags to senior management and boards.
- Continuous monitoring and oversight of third-party partners, particularly those operating without equivalent regulatory oversight.
- Thorough documentation and audit trails to demonstrate compliance to regulators at any time.
These measures are consistent with the principles established in the Bank Secrecy Act, FinCEN guidance for virtual currency businesses, and the New York BitLicense framework. The expectation is that crypto companies will operate with the same vigilance and accountability as traditional financial institutions, regardless of their technology or business model.
Final reflections on the Paxos case and the road ahead
The Paxos AML enforcement is a defining moment in the regulatory treatment of crypto-asset firms. It shows that state regulators are prepared to hold stablecoin issuers and similar businesses to traditional banking standards. The financial penalty is significant, but the reputational impact and the required operational overhaul may prove even more transformative.
For compliance professionals, this case is a reminder that regulatory expectations are not static. As crypto firms adopt functions similar to banks, the controls, governance, and oversight demanded by regulators will continue to intensify. Those who fail to evolve will face enforcement actions that can erode both financial stability and market trust.
Related Links
- Statement from Paxos in Response to NYDFS
- NYDFS Consent Order – Paxos Trust Company
- FinCEN Guidance on Virtual Currencies and AML Obligations
- New York Virtual Currency Business Activity Regulation – 23 NYCRR Part 200
- Bank Secrecy Act Requirements for Money Services Businesses
Other FinCrime Central Articles About Crypto Exchanges Being Fined
- Jack Dorsey’s Block Inc. Faces $40 Million Fine Over Alleged Crypto Compliance and AML Failures
- Upbit Ban Shock: Major Setback for Crypto Users in South Korea
- OKX Crypto Giant Faces $505M Penalty for AML Violations
Source: NYDFS
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
