In June 2025, the FATF released its sixth targeted update report on the regulation of crypto assets, and the conclusions are shocking:

Only one jurisdiction globally has achieved the FATF's "full compliance" standard for virtual asset regulation, while as many as 20% of countries remain in a state of "non-compliance." Meanwhile, North Korean hackers have stolen a record $1.46 billion in crypto assets, stablecoins have become the new favorite for money laundering activities, and regulation in the DeFi space remains a foggy area…

Behind this seemingly chaotic global crypto regulatory landscape, an "invisible hand" is quietly shaping the rules of the game for the entire industry — that is the FATF.

This article will deeply interpret the six key findings of the FATF's latest report, reveal the latest "black and gray list" countries among 27 nations, and look ahead to important changes in crypto regulation in 2026. It will help you understand the "source code" of global regulation.

Who is FATF? The Global Anti-Money Laundering "Standard Setter"

The FATF (Financial Action Task Force) was established in 1989 and is the authoritative standard-setting body in the field of global anti-money laundering and counter-terrorist financing. This intergovernmental organization, composed of 39 member countries and regional organizations, has its anti-money laundering recommendations (FATF Recommendations) regarded as the "golden rule" of global AML/CFT.

For the crypto industry, the most critical document from the FATF is Recommendation 15 (R.15), which first included virtual assets and VASPs in the anti-money laundering regulatory framework in 2019: VASPs are required to fulfill compliance obligations such as customer due diligence, transaction monitoring, and suspicious transaction reporting, just like traditional financial institutions.

The FATF is not a police force, yet it made Binance pay a $4.3 billion fine; the FATF has no army, yet it can isolate an entire country from the international financial system; the FATF does not make laws, yet it compels 205 jurisdictions to legislate according to its standards.

Why can an international organization without enforcement power play such a critical role in global crypto regulation?

The answer is simple: in this decentralized crypto world, the FATF has become the "centralized" global standard setter. While national regulatory agencies are still exploring how to manage this emerging industry, the FATF's R.15 has become their common "reference answer." Whether it is the U.S. FinCEN, the EU's AMLD6, Singapore's MAS, or Hong Kong's recently passed "Stablecoin Regulation," the shadow of FATF standards can be seen behind them.

Interestingly, the FATF has transformed its originally non-binding recommendations into "hard rules" that countries must comply with through its unique "soft law" mechanisms — peer reviews and the "gray list" system. What does being placed on the FATF gray list mean? Turkey and Cambodia should be very clear — international remittances are hindered, foreign capital withdraws, credit ratings are downgraded… No country wants to bear such costs.

For crypto practitioners, understanding the FATF is understanding the "source code" of global regulation. When you know that the regulatory rules of various countries are localized based on the same set of FATF standards, you can better anticipate regulatory trends, proactively establish compliance systems, and conduct business globally.

Interpretation of FATF's Latest Report in 2025: Six Key Findings

In June 2025, the FATF released the sixth "Targeted Update Report on the Implementation of FATF Standards for Virtual Assets and Virtual Asset Service Providers."

Through in-depth research on 163 jurisdictions, the FATF decoded the true state of global crypto compliance through six key findings.

???? Finding One: Global Compliance Progress is Slow but Steady

As of April 2025, among the 138 jurisdictions that have been assessed:

• Only 1 jurisdiction is fully compliant: The Bahamas
• 29% are basically compliant, a slight increase from 25% in 2024, including: the United States, the United Kingdom, Germany, Singapore
• 49% are partially compliant, including: Hong Kong, the Netherlands, Turkey
• 21% are non-compliant, a decrease from 25% in 2024, including: Cambodia, Vietnam

BlockSec Interpretation:

???? The compliance list continues to be dynamically adjusted. For businesses using crypto payments, how to adjust strategies in a timely manner according to FATF guidelines, and identify wallet addresses and users belonging to non-compliant countries, is a new challenge that must be faced.

???? Finding Two: How to Address Risks is the Main Challenge

76% of surveyed jurisdictions reported that they have conducted ML/TF risk assessments for VAs/VASPs, up from 71% in 2024. However, the problem is:

• Many jurisdictions have completed risk assessments but still face significant difficulties in implementing preventive measures.
• Only 40 jurisdictions have met the requirements for "assessing risks and taking a risk-based approach," including Switzerland, Japan, etc.

BlockSec Interpretation:

???? Many countries' risk assessments remain at the reporting level, lacking the execution mechanism to translate assessment results into concrete measures. Both nations and crypto enterprises need to establish a dynamic, flexible, and executable risk management system.

???? Finding Three: Regulatory Pathways are Diverging

• 62% of jurisdictions choose to allow VAs and VASPs to operate, including the United States and major EU countries.
• 20% choose to completely ban crypto activities, a significant increase from 14% in 2024, including China and Egypt.
• 18% have yet to decide on a regulatory direction, including some Southeast Asian and African countries.

Notably, partial bans (rather than complete bans) are becoming a trend: 48% of jurisdictions that impose bans choose to partially prohibit specific VA/VASP activities rather than a blanket ban.

BlockSec Interpretation:

???? Regulatory divergence means that the complexity of cross-border compliance will further increase. Businesses need to develop differentiated compliance strategies for different markets.

???? Finding Four: Breakthrough Progress in Implementing the Travel Rule

73% of jurisdictions (85 in total) have passed legislation to implement the Travel Rule. Although this percentage seems to be the same as in 2024, the absolute number has increased from 65 to 85, indicating substantial progress.

The Travel Rule requires VASPs to obtain, retain, and transmit specific remitter and payee information when transferring virtual assets, effectively extending traditional financial KYC requirements into the crypto space.

BlockSec Interpretation:

???? The global promotion of the Travel Rule is an important trend, but it still faces significant challenges in the crypto world: the anonymous nature of blockchain allows anyone to easily create multiple wallet addresses without any real-name association. Customers using centralized services (such as centralized exchange customers) may submit KYC information, but for self-custody users, obtaining identity information is difficult, and even if obtained, it is hard to verify its authenticity.

???? Finding Five: Stablecoins Become the New Favorite for Money Laundering

The report specifically points out that stablecoins are becoming the preferred tool for various illegal actors:

• Most on-chain illegal activities now involve stablecoins.
• Criminals use stablecoins in conjunction with anonymity-enhancing tools (such as mixers and cross-chain bridges) to layer funds.
• USDT on the Tron network is particularly favored by illegal actors.

BlockSec Interpretation:

???? Regulation of stablecoins will become a focus in 2025-2026. The freezing and monitoring capabilities of issuers will play an increasingly important role. For a deep dive into the KYC controversy surrounding stablecoins in Hong Kong, please see our in-depth analysis: Is real-name registration required for holding coins? The true boundaries of KYC obligations for stablecoins in Hong Kong.

???? Finding Six: North Korean Hackers Set a New Record

In 2025, North Korean hackers stole $1.46 billion worth of virtual assets from the crypto exchange ByBit, setting a historical record for a single theft. Ultimately, less than 4% of the stolen funds were recovered.

BlockSec Interpretation:

???? Cybersecurity and AML/CFT compliance need to be prioritized equally. A compliance framework without security protection will still become a target for hackers. Crypto enterprises need to establish a "dual insurance" protection system: on the cybersecurity front, deploy real-time monitoring and automatic attack blocking systems (such as Phalcon Security APP) to identify and intercept attacks at the first moment they occur; on the compliance monitoring front, adopt comprehensive KYA solutions to identify wallet address tags associated with North Korean hacker organizations through on-chain behavior analysis.

Looking at these six findings, a clear thread emerges: global crypto regulation is transitioning from a "chaotic period" to an "orderly period," but this process is far more tortuous than expected.

It is thought-provoking to note the significant gap between "knowledge and action" — most countries know what to do (76% have completed risk assessments), but very few actually do it (only 29% are basically compliant). This also reflects the fundamental challenge of crypto regulation: in a field where technology is rapidly iterating and business models are constantly innovating, how to establish a regulatory system that is both effective and does not stifle innovation?

The FATF's answer is: gradual reform + global collaboration. By setting unified standards while allowing localized implementation, and through soft constraints paired with hard consequences, the FATF is guiding the world toward a new regulatory pattern of "harmony in diversity." For crypto enterprises, this means compliance is no longer optional but a ticket to entry; it is no longer a cost center but a source of competitive advantage.

Are Countries Also Divided into Black and Gray? 27 Countries on the List

If the FATF is the "gatekeeper" of the global financial system, then the black and gray lists are its "wanted notices." The biannual updates of these lists trigger a chain reaction in global financial markets.

The "Big Three" of the Black List

• North Korea: A "stubborn" case since 2011, the mastermind behind the $1.46 billion ByBit theft.
• Iran: Nuclear issues combined with terrorist financing risks have completely isolated its financial system.
• Myanmar: Listed after the 2022 coup, with a regulatory vacuum becoming a money laundering paradise.

Any financial dealings with blacklisted countries are "high-voltage lines" — minor penalties may lead to regulatory sanctions, while severe cases may result in account freezes and settlement interruptions.

Three Major Trends in the Gray List

• Africa is a major disaster area: 12 countries are on the list, with South Africa still being recognized as the "light of Africa."
• Crypto hotspots in an awkward position: Nigeria (the second-largest P2P trading volume globally) and Vietnam (among the top three in crypto adoption) face severe regulatory delays.
• Offshore centers in a dilemma: The British Virgin Islands and Monaco are paying the price for their past lax regulations: international remittance costs have increased by 30-50%, foreign capital has decreased by 20-40%, and credit ratings have been downgraded.

FATF 2026 Regulatory "Spoilers"

Looking back at the history of FATF reports:

• 2019 Travel Rule Guidelines???? Over 50 countries legislated within 2 years
• 2020 Stablecoin Report???? Triggered a global regulatory wave

It's like a regulatory "script" — understanding the key focus areas 6-12 months in advance allows you to gain an advantage before regulatory changes occur.

Three Major FATF Reports Coming Soon

1. Stablecoin Special Report (Q1 2026)

Core Highlights: Reserve transparency standards, de-pegging responsibilities, cross-chain regulation

2. Offshore VASP Report (2025-2026)

Core Highlights: "Long-arm jurisdiction" boundaries, data localization, cross-border enforcement

3. DeFi Regulatory Guidelines (2025-2026)

Core Highlights: Identification of responsible parties, legal status of DAOs, smart contract audits

???? An Interesting Discovery

The release of FATF reports often follows a "seasonal pattern" — important reports are frequently published in June and October.

Astute compliance teams closely monitor these two time points, obtaining information and responding promptly. In the race for regulatory compliance, information is time, and time is an advantage. Companies that anticipate regulatory trends in advance will naturally gain a first-mover advantage in market competition.

The latest FATF reports indicate a clear trend: global crypto regulation is transitioning from "wild growth" to "regulated development." Although currently only one jurisdiction has achieved full compliance, this also highlights the vast development space and market opportunities in the crypto world.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。