Author: Beosin

Abstract

This report is supported by the Digital Asset Anti-Money Laundering Committee (DAAMC) under the Hong Kong Virtual Asset Industry Association (HKVAIA) and is led by Beosin. It focuses on the core issues of anti-money laundering (AML) related to stablecoins, systematically sorting out the basic concepts of stablecoins, global regulatory differences, and financial security risks. It emphasizes the construction of AML technical solutions and ecological governance paths in Hong Kong, providing professional references for the compliant development of stablecoins.

The report clarifies that stablecoins are digital assets pegged to fiat currencies and other assets, primarily dominated by fiat-collateralized types (such as USDT and USDC), with applications covering cross-border remittances, daily consumption, and value storage. The regulatory policy section compares the differences between Hong Kong's "Stablecoin Ordinance" and the U.S. "GENIUS Act," while also analyzing policies from countries such as Singapore, Japan, South Korea, and the UAE.

Regarding the financial security risks of stablecoins, their anonymity and cross-border convenience make them susceptible to illegal and suspicious activities such as terrorist financing, ransomware attacks, and dark web transactions, necessitating vigilance against the risks these pose to the development of stablecoins. In response, Beosin has proposed a comprehensive lifecycle solution for Hong Kong, focusing on "source prevention - dynamic monitoring - precise governance," covering stablecoin smart contract security, on-chain monitoring, and KYT/KYA risk assessment technologies to achieve AML monitoring and criminal intelligence analysis.

Finally, the report offers suggestions from the perspectives of industry self-discipline, inter-departmental collaboration, and user education to assist DAAMC in promoting the compliant ecological construction of stablecoins in Hong Kong.

Chapter 1: Concepts and Development Trends of Stablecoins

1.1 Definition and Classification of Stablecoins

Stablecoins are digital assets that are linked to real-world assets (such as fiat currencies, gold, commodities, or real estate) to maintain a relatively stable value. In the field of digital assets, stablecoins have been widely used for trading, payments, and value storage, becoming a bridge between traditional finance and digital finance.

Currently, several countries and regions are legislating in the field of stablecoins to clarify the definition of stablecoins and establish an issuer licensing system, providing legal certainty for market participants.

Hong Kong's regulatory framework clearly defines "Fiat-Referenced Stablecoins (FRS)," which refer to stablecoins whose value is entirely pegged to one or more official currencies, accounting units designated by the Monetary Authority, or forms of economic value storage, or a combination thereof, to maintain stable value. The U.S. "GENIUS Act" defines stablecoins as digital assets used as a means of payment or settlement tool, requiring issuers to maintain stable value relative to fixed currencies.

The implementation methods of stablecoins determine their operational models, regulatory challenges, and risk levels within the financial system. In addition to fiat-collateralized stablecoins, there are other types of stablecoins in the blockchain ecosystem that anchor the value of the dollar.

Table 1-1 Classification of Stablecoins

| Type | Examples | Characteristics | |--------------------------|------------------|----------------------------------------------------------| | Fiat-Collateralized | USDT, USDC | Real assets are held by centralized entities (bank custody), on-chain is merely a tokenized form of real assets | | Digital Asset-Collateralized | DAI, RAI | Collateralized by ETH and other digital assets, controlled by smart contracts for minting and liquidation | | Algorithmic Stablecoins | UST, AMPL | Adjust supply and demand through algorithms, with extremely high risk | | Partially Collateralized + Algorithmic | FRAX | Partially collateralized + algorithmic supply and demand adjustment |

1.2 Introduction to the Top 10 Stablecoins by Market Capitalization

Stablecoins have a development history of over ten years. Since the issuance of USDT in 2014, the stablecoin market has developed rapidly, with fiat-collateralized stablecoins occupying a leading position in the market. As of August 20, 2025, according to statistics from DefiLlama, the total circulating market capitalization of stablecoins worldwide reached $277.5 billion, with the top ten stablecoins by market capitalization as follows:

Table 1-2 Overview of Top 10 Stablecoins

| Token Name | Market Cap | Number of Holders | Issuing Company | Supports Freezing Function | |------------|------------|-------------------|------------------|----------------------------| | USDT | $166.987 billion | 112 million | Tether | Yes | | USDC | $66.663 billion | 30.5 million | Circle | Yes | | USDe | $11.852 billion | 773,000 | Ethena Labs | No | | DAI | $4.786 billion | 1.819 million | Sky | No | | USDS | $4.503 billion | 45,000 | Sky | Yes | | USD1 | $2.208 billion | 349,000 | BitGo | Yes | | FDUSD | $1.448 billion | 62,000 | First Digital Labs| Yes | | PYUSD | $1.193 billion | 91,000 | PayPal | Yes | | RLUSD | $666 million | 35,000 | Standard Custody & Trust Company | Yes | | TUSD | $493 million | 368,000 | TrueUSD | Yes |

Data source: https://defillama.com/stablecoins

From a market share perspective, fiat-collateralized stablecoins account for over 83.46% of the market, including USDT, USDC, USD1, FDUSD, PYUSD, RLUSD, and TUSD, holding an absolute dominant position. USDe, as a synthetic dollar stablecoin, has gained attention and recognition in the crypto market by generating yield through arbitrage trading of mainstream digital assets like ETH on centralized exchanges, becoming the third-largest stablecoin.

In terms of on-chain trading data, the trading frequency of stablecoins shows an upward trend. According to Visa statistics, the total trading volume of stablecoins exceeded $27.6 trillion in 2024, with an effective trading volume of $5 trillion. USDT has consistently been the most traded stablecoin, followed by USDC, together accounting for over 90% of stablecoin trading data.

Figure 1-1 Monthly Trading Volume of Stablecoins

Data source: Transactions | Visa Onchain Analytics Dashboard

Note: Adjusted Transaction Volume excludes trades by bots, internal transactions of smart contracts, internal exchange trades, and trades by high-frequency traders.

In the past year, USDT based on the TRON network has seen significant growth, with circulating USDT exceeding $82.6 billion, surpassing Ethereum to become the blockchain network with the largest circulation of USDT. BSC (also known as BNB Chain) has experienced a surge in trading volume due to Binance's support for free withdrawals of stablecoins to the BSC network, making it the blockchain network with the highest number of stablecoin transactions in the past year.

Figure 1-2 Annual Trading Volume and Number of Transactions of USDT and USDC on Mainstream Chain Platforms

Data source: Transactions | Visa Onchain Analytics Dashboard

The trading volume and number of transactions of stablecoins on networks such as Base, Solana, Arbitrum, and Polygon are also noteworthy. As seen in the above figure, although Ethereum remains the primary blockchain network for the circulation and trading of stablecoins, blockchains with lower transaction costs and faster speeds are becoming new choices for businesses and ordinary users to use stablecoins.

1.3 Main Application Scenarios of Stablecoins

In July 2025, the International Monetary Fund analyzed the effective trading volume of stablecoins totaling $2 trillion across six chains: Ethereum, Binance Smart Chain, Optimism, Arbitrum, Base, and Linea, to assess the global liquidity of stablecoins.

The research report shows that the largest liquidity scale of stablecoins is in North America, reaching $633 billion, followed by the Asia-Pacific region with $519 billion; in terms of the proportion of stablecoin liquidity relative to GDP, Latin America and the Caribbean account for 7.7%, while Africa and the Middle East account for 6.7%. Emerging markets (such as Latin America and the Caribbean, Africa, and the Middle East) use stablecoins more frequently due to capital controls and instability of fiat currencies, primarily for cross-border flows, with stablecoin flows within the region accounting for only 12%-14%.

From the above data, it is evident that stablecoins have become an indispensable role in the global financial ecosystem, with the main application scenarios as follows:

1. Cross-Border Remittances and Settlements

Traditional cross-border remittances rely on the SWIFT system, requiring multiple intermediaries such as banks and correspondent banks, which leads to issues such as slow speed, high costs, and low transparency. Stablecoins, based on blockchain technology, have reconstructed an efficient and low-cost global payment network through "peer-to-peer" transactions.

2. Daily Consumption

Southeast Asian ride-hailing platform Grab has supported users in Singapore and the Philippines to recharge USDC, USDT, and other digital assets to GrabPay, which can be used for rides, food delivery, coffee purchases, and other daily payment scenarios.

E-commerce platform Shopify supports the integration of Solana Pay, allowing users to make payments using USDC on the Solana chain. As of May 2025, over 2,000 Shopify merchants have supported Solana Pay.

3. Value Storage and Financial Management

The "value stability" characteristic of stablecoins makes them the "base currency" of the digital asset market, meeting the demand for hedging while also deriving rich financial scenarios due to their technological characteristics, becoming a bridge connecting traditional finance and digital finance.

In countries with high inflation of their local fiat currencies (such as Argentina and Turkey), local residents choose to exchange their fiat currencies for stablecoins like USDT (pegged to the dollar) to resist the depreciation of their fiat currencies. For example, in Turkey, due to long-term high inflation and currency depreciation issues, the adoption rate of local stablecoins and mainstream digital assets continues to rise. In 2024, the total trading volume of USDT/TRY (Turkish Lira) on Binance, the world's largest digital asset exchange, exceeded $43.82 billion.

Figure 1-3 Trading Volume of USDT Stablecoin Exchange for Turkish Lira on Binance in 2024

Data source: https://www.tradingview.com/symbols/USDTTRY/

In addition to resisting fiat currency depreciation, stablecoins can also be used for financial management. In the decentralized finance (DeFi) sector, stablecoin holders, after understanding the relevant risks, can choose to deposit stablecoins into decentralized lending protocols (such as Aave) to earn interest from borrowers, with annualized returns determined by market demand; or provide liquidity for trading pairs like USDT-USDC on decentralized exchanges like Uniswap to earn trading fees.

1.4 The Rise of Stablecoins and Regulatory Trends

2025 is hailed as the "Year of Stablecoins," marking the transition of stablecoins from a peripheral tool in digital asset trading to a mainstream player in global finance. As a digital asset pegged to fiat currencies or commodities, stablecoins exhibit disruptive potential in areas such as cross-border payments, supply chain finance, and asset tokenization due to their price stability, low transaction costs, and efficient settlement. They have also become a new focal point in the competition for global financial infrastructure.

However, alongside their rapid development, stablecoins bring many potential risks, including challenges to monetary policy, financial stability, consumer protection, and illegal financial activities (such as money laundering and terrorist financing). International financial institutions have maintained a high level of concern regarding the risks associated with stablecoins. For instance, the Bank for International Settlements (BIS) has issued stern warnings in its reports about the performance of stablecoins as widely used currencies, pointing out their lack of central bank backing, insufficient measures to prevent illegal use, and deficiencies in generating loans in terms of funding flexibility. The BIS report indicates that the anonymous holding characteristics of stablecoins may help conceal "dirty money" and face the risk of rapid redemptions by investors, potentially undermining monetary sovereignty and triggering capital flight from emerging economies.

In response to the technical challenges and systemic risks posed by the high liquidity, cross-border convenience, and anonymity of stablecoins and other digital assets, the Financial Action Task Force (FATF) recommended in 2019 extending the travel rule to digital asset service providers, requiring them to adhere to transfer standards consistent with those of banks. According to the travel rule, digital asset transactions exceeding a certain threshold (usually $1,000) must be subject to KYC and due diligence procedures.

Countries and regions have gradually advanced regulatory frameworks related to digital assets based on the recommendations and guidelines issued by the FATF, covering aspects such as digital asset trading service providers, stablecoins, and digital asset custody. The year 2025 has become a "watershed" for global stablecoin regulation, with the U.S. and Hong Kong respectively launching the "GENIUS Act" and the "Stablecoin Ordinance," while most provisions of the EU's "MiCA Act" will also take effect in 2025. Countries like Japan and South Korea have begun evaluating the issuance of their fiat-pegged stablecoins, leading to a clearer global regulatory framework for stablecoins.

Chapter 2: Research on Stablecoin Policies

2.1 Analysis of Hong Kong's Stablecoin Regulatory Policy

Hong Kong has clearly expressed its strategic goal of becoming a global leading center for digital asset innovation and investment. To achieve this vision, Hong Kong emphasizes the establishment of a robust and appropriate regulatory environment, which it considers a prerequisite for the sustainable and responsible development of the stablecoin ecosystem. This strategy is based on its inherent advantages as an international offshore financial center, including a comprehensive financial infrastructure in areas such as cross-border payments, asset management, clearing, and custody.

Hong Kong's linked exchange rate system provides a high degree of stability for the Hong Kong dollar, creating a solid monetary foundation for issuing stablecoins pegged to the Hong Kong dollar and supported by fiat currency reserves. This strategic integration of digital assets into the existing financial infrastructure and monetary system indicates that Hong Kong does not view digital assets as a completely independent domain but strives to integrate them into the established financial ecosystem. The stability of the Hong Kong dollar provides a credible anchor for stablecoins, allowing Hong Kong to stand out in competition with jurisdictions that have underdeveloped financial infrastructure or significant fiat currency volatility.

2.1.1 Regulatory Policy Goals and Guiding Principles

The core goal of Hong Kong's stablecoin regulatory system is to prevent the potential risks that fiat-referenced stablecoins (FRS) may pose to monetary policy, financial stability, and investor protection. The guiding principle is "same activity, same risk, same regulation," which runs throughout the "Stablecoin Ordinance," aiming to ensure that regulatory requirements meet international standards while being tailored to local conditions in Hong Kong. This approach aims to promote the healthy and orderly development of the digital asset market.

The regulatory framework also pays special attention to the unique challenges posed by stablecoins, such as their anonymity and convenient cross-border usage, which may increase the risks of anti-money laundering (AML) and counter-terrorism financing (CFT). The combination of the "same activity, same risk, same regulation" principle with a clear understanding of the unique risks associated with stablecoins (such as anonymity and cross-border nature) reflects the maturity of Hong Kong's regulatory philosophy. This is not merely a straightforward application of existing rules to the digital asset domain but involves tailored adjustments based on the unique technological characteristics of digital assets while acknowledging their functional equivalence to traditional financial instruments. This meticulous approach aims to prevent regulatory arbitrage and ensure effective mitigation of emerging risks. If the functions of stablecoins are similar to those of traditional financial instruments (such as payment and value storage), they should be subject to similar regulation to fill potential regulatory gaps. However, their technological characteristics (such as distributed ledger technology and potential anonymity) introduce new risks that traditional rules do not fully cover. Therefore, the Monetary Authority must adjust existing principles and introduce new measures (such as strict AML/CFT requirements for distributed ledger technology) to achieve comprehensive regulation.

2.1.2 Definition of Regulatory Scope

1. Clear Definitions: "Fiat-Referenced Stablecoins (FRS)"

Hong Kong's regulatory framework has clearly defined "stablecoins" and "fiat-referenced stablecoins (FRS)" to ensure precision and effectiveness in regulation.

Definition of "Fiat-Referenced Stablecoins (FRS)": FRS refers to stablecoins whose value is entirely pegged to one or more official currencies, accounting units designated by the Monetary Authority, or forms of economic value storage, or a combination thereof, to maintain stable value. Currently, the scope of "designated stablecoins" is limited to fiat-referenced stablecoins. The regulatory framework covers FRS that reference a single currency and those that reference multiple currencies.

The Monetary Authority focuses its primary regulatory efforts on FRS, reflecting a risk-based regulatory strategy. FRS, particularly those pegged to major fiat currencies, are considered to pose the most direct and significant risks to monetary and financial stability due to their widespread adoption as a means of payment and their direct connection to the traditional financial system. In contrast, stablecoins pegged to commodities (such as gold) or other digital assets typically have narrower use cases and smaller direct systemic impacts. By prioritizing the regulation of FRS, the Monetary Authority addresses the most pressing regulatory needs while retaining the flexibility to expand the regulatory scope as the market evolves.

2. Licensing Requirement: Stablecoin Activities Must Apply for Licenses

In Hong Kong, any entity engaging in any "regulated stablecoin activity" must obtain a license from the Monetary Authority in advance: issuing designated stablecoins while conducting business in Hong Kong, issuing designated stablecoins pegged to the Hong Kong dollar outside of Hong Kong, and actively promoting the issuance of their fiat-referenced stablecoins to the public in Hong Kong.

The determination of "active promotion" is based on a comprehensive assessment, including marketing language (especially the use of Chinese), whether targeting Hong Kong residents, whether using a Hong Kong domain name, and whether there is a detailed marketing plan. "Issuing" or "minting" typically refers to the initial recording and allocation of stablecoins on a distributed ledger to digital wallet addresses. The determination of "issued in Hong Kong" also takes a comprehensive approach, considering factors such as the location of daily management and operations, registration, minting and burning locations, reserve asset management locations, and the location of bank accounts handling cash flows.

3. Treatment of Algorithmic Stablecoins: De Facto Exclusion

Hong Kong's regulatory framework adopts a de facto exclusion approach towards algorithmic stablecoins. Due to the lack of actual reserve asset support, algorithmic stablecoins will not meet the Monetary Authority's strict reserve asset-related licensing conditions for FRS issuers. Although algorithmic stablecoins may technically meet the definition of "designated stablecoins," they fail to meet the minimum standards, particularly the reserve requirements, effectively rendering them ineligible for licensing.

This de facto exclusion of algorithmic stablecoins, despite their theoretical inclusion in the definition of "designated stablecoins," reflects a strong prudential stance. It reflects the global consensus among regulators following the Terra/Luna incident that unsupported or under-collateralized stablecoins pose unacceptable systemic risks, prioritizing stability and investor protection over speculative innovation. The Monetary Authority's approach aligns with international standards (such as those recommended by the Financial Stability Board (FSB) and the Basel Committee on Banking Supervision (BCBS)), which emphasize that stablecoins used for payments must have adequate reserve support. By setting strict reserve requirements, the Monetary Authority effectively filters out inherently unstable algorithmic models, indicating a cautious attitude towards innovation while prioritizing financial stability.

2.1.3 Licensing System for Fiat-Referenced Stablecoin Issuers

The core of Hong Kong's stablecoin regulatory system is a mandatory licensing framework that imposes strict requirements on issuers of fiat-referenced stablecoins (FRS). The "Stablecoin Ordinance" establishes a "license-first" or "closed-loop" regulatory model that emphasizes prior authorization. This model is generally stricter than the "post-compliance" paths in some other jurisdictions. The Monetary Authority is the primary regulatory body, with comprehensive functions for licensing, auditing, revoking licenses, and issuing operational guidelines. The Monetary Authority has the authority to establish a "designated stablecoin list" and prohibit unauthorized stablecoins from circulating or being used for payments in Hong Kong.

The "license-first" approach, combined with the Monetary Authority's broad discretion (including the establishment of the "designated stablecoin list"), indicates that Hong Kong's regulatory environment is highly controlled and centralized. This contrasts with more lenient or decentralized regulatory concepts, reflecting Hong Kong's emphasis on prudent regulation and market integrity from the outset. By requiring prior authorization, the Monetary Authority can review the business models, financial soundness, and control systems of stablecoins before they enter circulation, significantly reducing risks. The "designated stablecoin list" provides a dynamic market control tool, enabling the Monetary Authority to respond swiftly to emerging risks or non-compliant entities by restricting market access.

Obtaining and maintaining a stablecoin issuer license in Hong Kong requires meeting a series of strict conditions and ongoing regulatory requirements designed to ensure the issuer's sound operation and protection of stablecoin holders.

1. Company Status and Local Presence Requirements

FRS issuers must be companies registered in Hong Kong. The senior management team and key personnel must reside in Hong Kong. Non-Hong Kong registered companies (except for institutions recognized and prudently regulated by Hong Kong) must establish a subsidiary in Hong Kong to apply for an FRS issuer license.

2. Minimum Financial Resources and Capital Adequacy Ratio

FRS issuers must meet minimum financial resource requirements. The minimum paid-up capital requirement is HKD 25,000,000. The Monetary Authority reserves the right to impose additional capital requirements when necessary. Retaining the discretion to impose additional capital conveys a flexible yet firm risk management attitude. While maintaining adequate capital buffers is crucial for financial stability, excessively high initial capital requirements may stifle innovation and hinder new entrants. This reflects a nuanced consideration of ensuring sufficient financial support while encouraging participation, acknowledging that the stablecoin market is still in its early stages.

3. Comprehensive Reserve Asset Management and Custody

FRS issuers must establish effective stabilization mechanisms. The total market value of reserve assets must at all times be no less than the total face value of circulating FRS (i.e., full backing). Issuers should also consider the risk profile of reserve assets and ensure appropriate over-collateralization to provide a buffer. Reserve assets must be high-quality, highly liquid assets (e.g., bank deposits denominated in reference currencies). Reserve assets must be held in the same reference currency as the stablecoin, and the reserve assets for each stablecoin must be strictly separated from the issuer's other reserve pools and operational assets. Effective trust arrangements (e.g., appointing independent trustees or trust declarations) must be established to ensure that these assets are held for and in the interests of stablecoin holders.

The Monetary Authority will adopt a risk-based regulatory approach to assess the adequacy of reserve assets. The strict requirements for full backing of reserve assets, high liquidity, segregation, and sound trust arrangements are the cornerstones of Hong Kong's strategy for investor protection and financial stability regarding stablecoins. This effectively imposes "bank-like" prudential standards on stablecoin reserves, aimed at preventing liquidity crises and decoupling events that have occurred in more loosely regulated stablecoin models. Past failures of stablecoins often stemmed from insufficient reserves, poor liquidity, commingling of funds, or inadequate legal protections for holders. By imposing these strict requirements, the Monetary Authority directly addresses these vulnerabilities, ensuring that stablecoin holders have clear and enforceable rights to their underlying assets and that the peg of the stablecoin can be maintained even under stress.

4. Robust Redemption Mechanism and Timeliness Standards

Holders of FRS must be able to redeem stablecoins at face value in a timely manner, without incurring undisclosed or disproportionate fees, or having to meet unreasonable redemption conditions. Redemption requests must be fulfilled within one business day of receipt. If the issuer anticipates difficulty in meeting a redemption request within one business day (for example, due to unforeseen market pressures), prior approval from the Monetary Authority should be sought.

The "one business day" redemption standard sets a very high threshold for the operational efficiency and liquidity management of FRS issuers. This directly addresses the inherent "run" risk of stablecoins, aiming to maintain confidence and prevent systemic contagion. The ability for rapid redemptions is crucial for maintaining the peg of stablecoins and preventing panic redemptions. By setting a strict one-day standard, the Monetary Authority compels issuers to maintain highly liquid reserves and sound operational processes, minimizing the risk of liquidity mismatches that could lead to instability in stablecoins.

5. Requirements and Impacts on Ordinary Users

For digital asset wallet holders or ordinary users considering entering the stablecoin market, there are several points to note under Hong Kong's stablecoin regulations:

(1) KYC/AML Requirements

Users must complete real-name authentication when using regulated stablecoin issuers or related platforms (exchanges, custodial wallets) in Hong Kong.

(2) Source of Funds Review

Cross-border large transfers or frequent transactions may trigger anti-money laundering reviews.

(3) Restrictions on Stablecoin Use and Trading

In Hong Kong, the future use and trading of stablecoins may be subject to strict licensing regulations, and according to HKMA requirements, users holding licensed stablecoins can redeem them at any time. Before the introduction of the Hong Kong OTC Act, ordinary users can still trade USDT and USDC on licensed digital asset trading platforms in Hong Kong (e.g., HashKey, OSL). However, under the future Hong Kong OTC licensing regime, it is currently uncertain whether ordinary users will be able to trade unlicensed stablecoins like USDT and USDC.

(4) Taxation Requirements

Hong Kong currently does not impose capital gains tax, and buying and selling stablecoins themselves are generally not taxed, but commercial uses (e.g., payments, salary settlements) must be reported for tax purposes.

2.1.4 Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) Framework

1. Adherence to International Standards: FATF Recommendations and "Travel Rule"

Hong Kong actively adopts international standards in AML/CFT, particularly the recommendations of the Financial Action Task Force (FATF). The updated anti-money laundering framework in Hong Kong, including regulations for virtual asset service providers (VASP), aligns with FATF and its Recommendation 16—"Crypto Travel Rule." The travel rule applies to all digital asset transfers exceeding HKD 8,000 (approximately USD 1,000). VASPs are given a six-month window to comply with the travel rule, allowing for gradual integration and avoiding business disruptions.

Hong Kong's active implementation of FATF Recommendation 16 (the travel rule) demonstrates its commitment to global AML/CFT standards and its ambition to be a responsible leader in the field of digital asset regulation. This alignment aids in cross-border interoperability and reduces the risk of being perceived as a weak link in the global financial crime prevention network. The travel rule requires financial institutions and VASPs to transmit information about the originator and beneficiary during digital asset transfers, similar to traditional wire transfers. By adopting this rule, Hong Kong enhances traceability, reduces anonymity, and addresses the AML challenges posed by the cross-border and potentially anonymous nature of stablecoins. This strengthens Hong Kong's position as a compliant jurisdiction, which is crucial for attracting legitimate digital asset businesses.

2. Risk-Based Approach (RBA) for Money Laundering/Terrorist Financing Assessment and Mitigation

Licensees must adopt a risk-based approach (RBA) when designing and implementing AML/CFT policies and procedures. A money laundering/terrorist financing risk assessment must be conducted at the institutional level, considering risks related to customers, countries, products, and delivery channels. The assessment must be properly documented, approved by senior management, and kept up to date. For lower-risk situations, the system can be simplified, but it cannot be simplified when there are suspicions of money laundering/terrorist financing.

The adoption of RBA allows for flexible and proportionate AML/CFT measures, adjusting controls based on the specific risk characteristics of the issuer's business model and customer base. This avoids a "one-size-fits-all" approach that may impose excessive burdens on low-risk activities while ensuring sufficient rigor for high-risk activities. The money laundering/terrorist financing risks associated with stablecoin activities can vary significantly. RBA allows issuers to allocate resources effectively, focusing on high-risk areas. This also reflects international best practices in AML/CFT, promoting effective risk mitigation without stifling legitimate innovation.

3. Wallet Management and Enhanced Customer Due Diligence (CDD)

Licensees must properly manage the AML/CFT risks associated with the wallets used by their customers for stablecoin transactions. Customer wallet addresses must be identified and ownership verified through micro-payments, message signature tests, or evidence obtained from custodial wallet providers.

For self-custodial wallets provided by custodial wallet providers or used by financial institutions/VASPs, due diligence measures include collecting owner information, assessing their reputation and AML/CFT quality, and evaluating the adequacy of their control measures.

The detailed requirements for wallet management and CDD, including wallet ownership verification and due diligence on custodial providers, directly address the challenges posed by anonymity in digital asset transactions. This is a key step in bridging the gap between blockchain anonymity and the need for financial transparency. One of the main AML challenges in the digital asset space is the ability to transact with "non-custodial wallets" without clear identification. By requiring verification of wallet ownership and due diligence on third-party wallet providers, the Monetary Authority mandates issuers to establish a clear link between stablecoin transactions and verified identities, significantly reducing anonymity risks and enhancing traceability.

4. Ongoing Monitoring of Stablecoin Transactions and Strategies for Mitigating Illegal Activities

Licensees must monitor circulating stablecoins to prevent their use for illegal purposes, with the level of monitoring proportional to the money laundering/terrorist financing risks. Stablecoin transactions are recorded on the blockchain, providing traceability to identify illegal activities. Possible measures include using blockchain analysis technology to continuously screen transactions and wallet addresses, blacklisting sanctioned or illegal wallet addresses, and freezing stablecoins upon request from regulatory or law enforcement agencies. Unless the licensee can demonstrate the effectiveness of these measures to the Monetary Authority, the identity of each stablecoin holder must be verified by the licensee, a regulated financial institution/VASP, or a reliable third party.

The Monetary Authority has higher expectations regarding the effectiveness of blockchain analysis and blacklisting, and in the absence of proven effectiveness of anti-money laundering technologies, it defaults to requiring "identity verification for each stablecoin holder," indicating a highly conservative and risk-averse approach to emerging AML technologies. This means that relying solely on technological solutions may not be sufficient to meet Hong Kong's stringent AML standards, and manual verification remains crucial. While blockchain analysis provides a promising tool for identifying illegal activities, the Monetary Authority acknowledges its limitations (e.g., difficulty in identifying ultimate beneficial owners, reliance on external data). By prioritizing direct identity verification, the Monetary Authority indicates that it will not compromise on fundamental AML principles, even while exploring technological advancements. Therefore, the current stablecoin ecosystem in Hong Kong has a robust "KYC" foundation.

2.2 Analysis of the U.S. Stablecoin Bill

2.2.1 Definition and Scope of "Payment Stablecoins"

The "GENIUS Act" primarily regulates a specific class of digital assets known as "payment stablecoins." These assets are typically defined as digital assets intended to serve as payment or settlement tools, with issuers obligated to redeem, repurchase, or exchange such assets at a fixed monetary value, and these assets are not considered national currency. A key aspect of the Act is the explicit statement that payment stablecoins issued by authorized issuers are not considered "securities" under U.S. federal securities laws, nor are they considered "commodities" under the Commodity Exchange Act. This legislative exemption aims to establish a clear regulatory pathway for compliant stablecoins, largely freeing them from direct oversight by the U.S. Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC).

This clear definition primarily targets fiat-backed stablecoins that maintain a 1:1 peg. Therefore, algorithmic stablecoins that typically lack 1:1 reserve backing and rely on complex algorithms to maintain their peg may not qualify as "payment stablecoins" under this framework. This effectively excludes them from the regulatory "safe harbor" provided by the GENIUS Act, potentially leaving them still subject to existing securities or commodity laws.

The explicit exclusion of compliant payment stablecoins from the definitions of "securities" and "commodities" is a significant step in regulatory terms. This directly addresses one of the most important sources of regulatory uncertainty that has plagued the U.S. crypto industry for years. By clearly defining regulatory classifications, the Act primarily assigns the regulation of these specific digital assets to banking regulatory agencies rather than market regulators. This clarity aims to enhance the confidence of traditional financial institutions and businesses, encouraging them to use stablecoins for various purposes such as payments, cross-border transactions, and fund management. It also creates a unique segment within the broader digital asset market, where "payment stablecoins" are treated differently from other digital assets or tokenized assets, thereby establishing a more specialized and predictable regulatory environment for this specific asset class.

2.2.2 Core Prudential and Operational Requirements

1. Reserve Asset Management

Authorized Payment Stablecoin Issuers (PPSIs) are strictly required to maintain at least a 1:1 reserve to support their circulating payment stablecoins. Eligible types of reserve assets include: U.S. coins and paper currency (including Federal Reserve notes), deposits at custodial institutions or foreign deposit institutions, short-term government securities with a remaining maturity of 93 days or less, repurchase agreements collateralized by short-term government securities, certain reverse repurchase agreements, money market funds that invest solely in the above eligible assets, and central bank reserve deposits. Notably, the Act does not grant primary federal regulatory agencies the authority to expand the list of eligible reserve assets, even if they believe other assets possess sufficient liquidity.

Reserve assets may not be pledged, re-pledged, or reused, except for the purpose of providing liquidity to meet reasonably anticipated stablecoin redemption requests. In this case, short-term government securities may be pledged as collateral for repurchase agreements, but these repurchase agreements must be cleared by an approved central counterparty or receive prior approval from the relevant regulatory agency. Reserve assets must be held by qualified third-party custodians and strictly segregated from the issuer's operating funds. Issuers must also publicly disclose the total amount of circulating payment stablecoins and the amount and composition of reserve assets on their website each month. Monthly reports must be reviewed by a registered accounting firm, and the CEO and CFO must certify the accuracy of the reports, with intentional false certification facing criminal penalties.

The strict limitations on reserve assets in the "GENIUS Act" are primarily confined to U.S. dollar-denominated assets and U.S. Treasury securities, which is not coincidental. This provision explicitly supports the dominant position of the U.S. dollar in the global digital economy and brings sustained demand for the U.S. Treasury market. This stands in stark contrast to Hong Kong's more flexible approach to reserve assets, reflecting the deep considerations of the U.S. in regulating stablecoins as a national economic strategy.

2. Redemption Mechanism and Activity Restrictions

All authorized payment stablecoin issuers must establish procedures for the "timely" redemption of circulating payment stablecoins and publicly disclose their redemption policies. The business activities of PPSIs are strictly limited, typically confined to issuing and redeeming payment stablecoins, managing related reserves, providing custodial and safekeeping services, and other activities directly supporting these functions. The Act also prohibits "tying" practices, which condition the provision of services on customers obtaining additional paid products or services from the issuer or any of its subsidiaries, or on customers agreeing not to obtain any paid products or services. Furthermore, stablecoin issuers are explicitly prohibited from offering any form of interest or yield to stablecoin holders. In the event of the issuer's bankruptcy, stablecoin holders have priority rights over all other claims against the issuer.

3. Capital, Liquidity, and Risk Management

Federal and state regulators are required to establish capital requirement rules tailored to the business models and risk profiles of payment stablecoin issuers, with a $10 billion threshold delineating regulatory authority. Issuers must possess the technical capabilities, policies, and procedures to block, freeze, and refuse illegal transactions and must comply with all applicable court orders. Regulators will also incorporate Bank Secrecy Act (BSA) and sanctions compliance standards into their risk management requirements. For banks holding stablecoins on their balance sheets, current U.S. banking rules may require them to hold additional capital. The Act also outlines a timeline for rulemaking and implementation by regulators: unless otherwise specified, relevant rules must be promulgated by July 2026. The effective date of the Act is the earlier of 18 months after its enactment or 120 days after the primary federal stablecoin regulatory agency issues final implementing regulations, meaning the latest effective date is January 18, 2027.

4. Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT) and Privacy Requirements

Under the "GENIUS Act," authorized payment stablecoin issuers are designated as "financial institutions" under the Bank Secrecy Act. This means they must comply with strict anti-money laundering (AML), customer identification (KYC), and transaction monitoring requirements. They are also required to submit suspicious activity reports (SARs) to the Financial Crimes Enforcement Network (FinCEN) and comply with sanctions regulations from the Office of Foreign Assets Control (OFAC). In terms of privacy protection, the privacy requirements of the Gramm-Leach-Bliley Act apply to most authorized payment stablecoin issuers.

The comprehensiveness of the U.S. AML/CFT framework, including KYC, transaction monitoring, suspicious activity reporting, and sanctions compliance requirements, will undoubtedly impose significant compliance costs on issuers. This may give companies with robust KYC, risk management, and regulatory change management procedures a competitive advantage. This area is also a common point of strictness in both the U.S. and Hong Kong regulatory frameworks.

2.3 Comparative Analysis of Stablecoin Regulatory Frameworks in Hong Kong and the U.S.

2.3.1. Regulatory Concepts and Strategic Goals

With the initial implementation of Hong Kong's stablecoin licensing system, an increasing number of market participants are beginning to compare it with the regulatory path in the U.S. There are certain differences in legal systems, financial positioning, and strategic goals between the two regions, which not only reflect different risk preferences of regulatory agencies but also their differing strategic considerations regarding the future landscape of digital finance. The following analysis compares regulatory concepts and strategic goals.

Table 2-1 Comparison of Regulatory Concepts and Strategic Goals between Hong Kong and the U.S.

| Dimension | Hong Kong | U.S. | |-------------------|---------------------------------------------------------------------------|-----------------------------------------------------------------------| | Regulatory Model | Unified management by the Hong Kong Monetary Authority (HKMA), with a licensing system to prevent risks and promote innovation. | Decentralized, with multiple federal and state agencies balancing risk and innovation. Over $10 billion regulated by the Federal Reserve, under $10 billion by state-level agencies. | | Compliance Threshold | High threshold (HKD 25 million paid-in capital requirement, strict redemption mechanism), 100% high liquidity assets, regular audits and disclosures. | Limited to deposit institution subsidiaries/federal/state qualified issuers. 1:1 cash/short-term Treasury securities, publicly disclosed monthly and prohibited from re-pledging. | | Risk Attitude | Conservative, emphasizing redemption guarantees and risk control, prohibiting algorithmic stablecoins. | More inclusive, encouraging innovation and tolerating a certain degree of trial and error. | | User Protection | Clear redemption guarantees, prioritizing user rights and redemption interests, sales limited to licensed institutions, regulated market advertising practices, relatively strict anti-money laundering requirements. | Emphasizes investor protection and consumer safety, mandatory disclosure of reserves, key personnel must report monthly, strict anti-money laundering requirements. | | Strategic Goals | Establish an international regulatory compliance center for stablecoins, consolidating Hong Kong's position as an international financial center. | Strengthen the dominance of the U.S. dollar, promote the application of dollar-backed stablecoins and fiscal support. | | Core Legislation | Stablecoins Ordinance (effective August 1, 2025) | Guiding and Establishing National Innovation for U.S. Stablecoins Act (effective July 18, 2025) |

2.3.2. Regulatory Structure and Authority

The U.S. stablecoin regulatory system is characterized by a dual-track system, with a complex multi-tiered federal/state structure involving multiple federal banking regulatory agencies, such as the Federal Reserve, OCC, FDIC, and NCUA. Although a Stablecoin Certification Review Committee (SCRC) has been established to facilitate coordination, this multi-headed regulatory model may still lead to regulatory fragmentation.

In stark contrast, Hong Kong adopts a centralized regulatory model, with the Hong Kong Monetary Authority (HKMA) serving as the sole primary prudential regulator. This "one-stop" regulatory approach provides market participants with greater clarity and efficiency. For institutions wishing to enter the market, Hong Kong's centralized regulatory structure offers a clear path and transparent rules, contrasting with the complexity that U.S. issuers may face due to interstate and inter-federal agency interactions, potentially leading to a higher compliance burden.

2.3.3. Reserve Assets and Custodial Requirements

In terms of reserve assets, both the U.S. and Hong Kong adhere to the principle of 1:1 full backing, requiring stablecoins to be supported by high-quality, highly liquid assets. This is a common consensus in global stablecoin regulation.

However, there are significant differences in specific execution. The U.S. "GENIUS Act" strictly limits the types of eligible reserve assets, primarily to U.S. dollars and short-term U.S. Treasury securities. Additionally, the Act mandates that reserve assets must be held by qualified third-party custodians and strictly segregated from the issuer's operating funds. This strict limitation reflects the U.S. policy consideration of using stablecoins to reinforce the dollar's hegemony and support the U.S. Treasury market. In contrast, while Hong Kong emphasizes the high quality and liquidity of reserve assets, it offers greater flexibility. Although asset segregation is also required, Hong Kong allows issuers to independently manage custody or delegate it to qualified institutions such as banks. This flexibility aims to balance prudent regulation with market innovation, allowing for a broader range of operational models while still ensuring asset security.

2.3.4. Retail Investor Access and Consumer Protection

The U.S. "GENIUS Act" aims to establish federal safeguards to protect the interests of stablecoin holders and enhance public confidence in the payment stablecoin market. Its consumer protection measures are reflected in strict requirements for reserve assets, transparent disclosures, and redemption mechanisms. Hong Kong, on the other hand, adopts a more stringent and detailed investor protection strategy, particularly for retail investors. According to the Stablecoins Ordinance, only stablecoins issued by licensed fiat stablecoin issuers approved by the Monetary Authority can be sold to retail investors. Additionally, Hong Kong imposes strict restrictions on advertising for stablecoins to prevent fraud and misleading statements. This protective strategy is more cautious, aiming to isolate retail investors from the risks associated with stablecoin investments.

2.3.5. Cross-Border Cooperation and Reciprocity Arrangements

In terms of cross-border cooperation, both the U.S. and Hong Kong recognize the importance of international coordination. The U.S. "GENIUS Act" authorizes the Treasury Secretary to establish reciprocity arrangements or other bilateral agreements with foreign jurisdictions that have "comparable" stablecoin regulatory regimes to facilitate international transactions and interoperability with dollar-denominated stablecoins. In Hong Kong, the Monetary Authority has the authority to assess on a case-by-case basis whether to modify or exempt certain minimum standards for applicants that are fully regulated in other jurisdictions. This is not an automatic mutual recognition but rather a prudent review based on individual cases. Although both sides are committed to international cooperation, their differing reciprocity mechanisms may create friction in practice or require further bilateral agreements to achieve truly seamless cross-border interoperability.

Despite both jurisdictions acknowledging the necessity of cross-border cooperation, the lack of an immediate, automatic mutual recognition framework poses a significant challenge to the global adoption of stablecoins. This means that issuers seeking to operate in both markets will face a dual compliance burden, which may hinder the seamless flow of stablecoins in cross-border trade and payments and limit their full potential. The future success of stablecoins as a global payment rail depends on the practical implementation and breadth of these reciprocity arrangements.

2.3.6. Comparison of AML/CFT Policy Requirements

Table 2-2 Comparison of Anti-Money Laundering Regulatory Policies between Hong Kong and the U.S.

| Dimension | Hong Kong (Stablecoins Ordinance and Supporting Guidelines) | U.S. (Federal BSA/FinCEN + State Regulations/Proposed Federal Law) | |-------------------|-------------------------------------------------------------|---------------------------------------------------------------------| | Regulatory Target | "Stablecoin issuers" must be licensed and regarded as financial institutions under the AMLO; applicable to Stablecoin Issuer AML/CFT Guidelines. | CVC (Convertible Virtual Currency) "administrators/exchangers" are MSBs under the BSA and must register and establish AML; the proposed federal stablecoin bill explicitly includes issuers as BSA subjects. | | Risk Control | Explicit requirement for issuers to conduct institutional-level ML/TF risk assessments and design systems based on RBA. | BSA is risk-based; FinCEN's 2019 general guidance requires MSBs to implement risk-based programs and monitoring. | | CDD/KYC | Conduct tiered CDD for customers and beneficiaries (including PEPs, purpose and nature, ongoing due diligence), verify the identity of each stablecoin holder. | Conduct KYC/CDD, risk assessments, and ongoing monitoring for customers during the issuance and redemption of stablecoins; submit SAR/CTR. | | On-Chain Transaction Monitoring | Requires ongoing monitoring of circulating stablecoins (including on-chain address screening, blockchain analysis, black/white lists, and closed-loop circulation when necessary). | Emphasizes transaction monitoring and suspicious reporting; proposes additional record-keeping and reporting for "mixing" related transactions (311 Special Measures NPRM). | | Transfer Rules (Travel Rule) | The AMLO adds a chapter on "stablecoin transfers": collecting, storing, and transmitting information on the initiator and recipient of stablecoin transfers; prohibits transfers with "non-compliant VASPs or FIs"; implements additional risk controls for non-custodial wallet transfers. | Funds Travel Rule (31 CFR 1010.410(f)) applies to MSBs, requiring initiating information for transfers of $3,000 or more; FinCEN documents explicitly state that CVC is applicable. | | Record Keeping | Records must be kept for at least 5 years. | Must comply with BSA's 5-year record-keeping requirements, including customer information, transaction records, SAR/CTR, and related supporting documents. | | Organization and Governance | | |

Need to establish a Compliance Officer (CO) and Money Laundering Reporting Officer (MLRO), with the board or executives assuming AML responsibilities.

Regulatory agencies expect banks or regulated entities to be equipped with adequate BSA/AML governance and resources.

Hierarchical Relationship

Unified licensing and guidance issued by the HKMA.

At the federal level, governed by BSA/FinCEN + existing state licensing frameworks (such as NYDFS BitLicense/stablecoin guidelines); federal legislation like the GENIUS Act/STABLE Act clearly defines issuers as BSA "financial institutions."

2.4 Regulatory Policies for Stablecoins in Other Countries and Regions

2.4.1 Singapore's Stablecoin Regulatory Policy

The Monetary Authority of Singapore (MAS) released the "Stablecoin Regulatory Framework" in 2023, but this framework has not yet been legislated. In 2025, MAS plans to conduct public consultations on stablecoin legislation and draft amendments to formalize the "Stablecoin Regulatory Framework." Until the amendments are officially implemented, Singapore regulates stablecoins under the existing "Payment Services Act" (PSA) and the "Stablecoin Regulatory Framework."

The PSA clarifies the definitions of stablecoins, entry thresholds, reserve assets, and redemption of stablecoins. The subsequently released "Stablecoin Regulatory Framework" includes regulations for single-currency stablecoins issued in Singapore and pegged to the Singapore dollar or G10 currencies, adding regulations for stablecoin issuance services to further protect the rights of stablecoin holders and reduce financial risks.

Under the "Stablecoin Regulatory Framework," the regulatory requirements that stablecoin issuers must follow include:

• Reserve Asset Requirements
• - Composition: Cash/equivalents, low-risk bonds with a remaining term of ≤3 months (issued by government/central banks or AA-rated international institutions), ensuring the stability of asset value;
• - Valuation: Daily marked to market, with a value ≥100% of the circulating SCS face value, to avoid redemption risks due to insufficient reserves;
• - Custody: Isolated accounts must be held at custodians rated A- or above to prevent the misappropriation of reserve assets;
• - Auditing: Monthly independent audits + annual audits to reduce market trust risks through transparency.
• Capital Requirements
• - Base Capital: ≥1 million SGD or 50% of annual operating expenses (whichever is higher), ensuring the issuer has sufficient financial strength to manage operational risks;
• - Solvency: Liquid assets ≥50% of annual operating expenses or the amount required for settlement (to be independently verified annually), ensuring orderly redemption even in extreme situations.
• Anti-Money Laundering Requirements
• - Stablecoin issuers and intermediaries must strictly comply with AML/CFT regulations, including customer due diligence (CDD), transaction monitoring, and reporting of large and suspicious transactions.

It is noteworthy that Singapore's "Stablecoin Regulatory Framework" exhibits a "voluntary" characteristic, meaning stablecoin issuers can choose whether to apply to MAS for certification of their stablecoins as "MAS-regulated stablecoins." Those who do not choose this path can continue to operate as "digital payment tokens" under the PSA framework. The amendments prepared by MAS may still adhere to the previous "voluntary" characteristic of stablecoin regulation, providing flexibility for different stablecoin issuers.

2.4.2 Japan's Stablecoin Regulatory Policy

Japan has established a stablecoin regulatory system characterized by "issuer restrictions + reserve transparency + full-process monitoring" through the "Payment Services Act" (PSA), emphasizing a balance between compliance and innovation. The core logic is to incorporate stablecoins into the traditional financial regulatory framework, reducing money laundering risks through measures such as KYC, travel rules, and asset segregation, while planning to enhance the market competitiveness of its stablecoins by allowing flexible reserve investments (e.g., permitting 50% allocation to government bonds).

According to the amendments effective June 2023, fiat-pegged stablecoins are classified as "electronic payment instruments" (EPI) and must comply with strict anti-money laundering (AML) and counter-terrorism financing (CFT) obligations. This system design aims to achieve a balance between compliance, financial stability, and innovative development.

1. Core Anti-Money Laundering Requirements

• - Customer Identity Verification (KYC) and Transaction Record Keeping: Stablecoin issuers and intermediaries (such as exchanges) must verify user identities, including name, address, identification documents, etc., and record the information of both parties in a transaction. For example, stablecoins issued by money transfer service providers have a transaction limit of 1 million yen, and KYC verification is required for the recipient.
• - Transaction Record Keeping: User information and fund flows must be retained for at least five years.
• - Suspicious Transaction Reporting (STR): Any abnormal transactions must be reported to the Japan Financial Intelligence Center (JAFIC), with potential criminal liability for non-compliance.
• - Travel Rule: From June 2023, cross-border or inter-platform stablecoin transfers must include the identity information of both the sender and the recipient to prevent anonymous fund flows.

2. Regulatory Classification of Intermediaries and Businesses

Entities engaged in stablecoin trading, exchange, custody, etc., must register with the Financial Services Agency (FSA) as Electronic Payment Instrument Service Providers (EPISP) and meet capital adequacy, system security, and other requirements. For example, exchanges supporting stablecoin trading must undergo regular reviews by the Japan Virtual Asset Exchange Association (JVCEA).

3. User Asset Protection and Bankruptcy Response

• - Domestic Asset Retention Orders: If an issuer or exchange goes bankrupt, the FSA can order that user assets be retained within Japan to prevent cross-border transfers. (This mechanism was practically applied during the bankruptcy of FTX's Japanese subsidiary in 2022, ensuring that user assets were not affected by overseas liquidation.)
• - Reserve Preservation and Independent Auditing: Issuers must fully support stablecoin issuance through demand deposits or highly liquid assets (such as government bonds), and reserves must be verified for adequacy by a third-party auditing firm quarterly. For example, the first yen stablecoin, JPYC, expected to be approved by the Japanese Financial Services Agency in the fall of 2025, plans to publicly disclose reserve proof monthly and introduce hardware security modules (HSM) to manage private keys.
• - International Standards and Cross-Border Cooperation: As a member of the FATF, Japan has fully implemented the "Travel Rule" and is engaged in interoperability and cross-border compliance cooperation for stablecoins with South Korea, ASEAN, and G20 mechanisms. This strategy not only strengthens international consistency in AML/CFT but also promotes the compliant application of Japanese stablecoins in the global market.

2.4.3 South Korea's Stablecoin Regulatory Policy

1. Legislative Implementation and Background

The "Virtual Asset User Protection Act" (VAUPA) was promulgated on July 18, 2023, and will officially take effect on July 19, 2024, marking South Korea's first specialized legislation to regulate digital asset platforms. The draft "Digital Asset Basic Act," proposed on June 10, 2025, further expands the regulatory scope, including clarifying the framework and regulatory standards for stablecoin issuance. This reform stems from the market trust crisis caused by the collapse of Terra-Luna in 2022, with legislative intent to strengthen the compliance foundation and risk management system.

2. Regulatory Agencies and Compliance Requirements

The Korea Financial Intelligence Unit (KoFIU) is responsible for the registration supervision of digital asset service providers and AML/CFT compliance reviews; the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) oversee market operations, user rights protection, and on-site enforcement.

3. AML/CFT Regulatory Compliance Measures

South Korea implements highly detailed AML/CFT regulations for digital asset service providers. All digital asset service providers must register with KoFIU before conducting business and obtain ISMS (Information Security Management System) certification, as well as open accounts with financial institutions that support real-name bank accounts. Failure to complete these steps may result in KoFIU rejecting their registration application, and they cannot conduct any digital asset business before registration. Customer identity verification (KYC) and customer due diligence (CDD) are basic requirements, and digital asset service providers must verify identities before user account opening or transactions reaching 1 million won (approximately $700), with enhanced due diligence for high-risk users. The Travel Rule has been in effect since March 25, 2022, requiring digital asset service providers to provide the names and wallet addresses of both the sender and recipient when a customer initiates a transfer of ≥1 million won to another digital asset service provider, and to submit identity information, including identification numbers, within three business days upon request from the registering party or authorities. Relevant records must be kept for five years, with violations subject to fines of up to 30 million won. Suspicious transaction reporting (STR) and transaction monitoring systems are also mandatory. If abnormal transactions are detected, digital asset service providers must report to KoFIU or FSS.

4. User Asset Protection Mechanisms

Asset Segregation Requirements: Digital asset service providers must segregate user assets from their own assets to prevent user property risks due to platform bankruptcy.

Bankruptcy Custody and Preservation Mechanisms: If a digital asset service provider goes bankrupt, the FSC/FSS can execute asset retention orders to ensure user assets remain in South Korea, free from overseas liquidation impacts.

Reserve Transparency and Auditing: Stablecoin issuers must maintain sufficient backing of assets for stablecoin issuance, implement regular audits, and enhance the transparency of reserve asset disclosures.

5. Strategic Trends and International Cooperation

The Bank of Korea will establish a "Digital Asset Task Force" in July 2025 to enhance policy responsiveness and track international trends in stablecoin regulation (such as the U.S. GENIUS Act), preparing for subsequent legal institutionalization.

Prominent media reports indicate that the government plans to submit a "Phase Two" VAUPA tax proposal in October 2025, including stablecoin issuance, secure custody, and internal control mechanisms, to further improve the regulatory system.

2.4.4 UAE's Stablecoin Regulatory Policy

The UAE divides token regulatory responsibilities among the Dubai Virtual Assets Regulatory Authority (VARA), the Abu Dhabi Financial Services Regulatory Authority (FSRA), and the Securities and Commodities Authority (SCA). In 2024, the Central Bank of the UAE issued the "Payment Token Services Regulations" (PTSR), officially regulating stablecoins.

Definition of Stablecoins: The Central Bank of the UAE clearly classifies stablecoins as "payment tokens." Payment tokens are a type of digital asset that maintains stable value by being pegged to a fiat currency or another payment token denominated in the same fiat currency.

Stablecoin Issuance: This includes dirham stablecoins and foreign currency stablecoins. Entities issuing dirham stablecoins must obtain a payment token issuance license from the Central Bank of the UAE. Key conditions include that the entity must be registered in the UAE under Federal Law No. 2 of 2015 concerning commercial companies; the issued stablecoins must be fully backed by independent reserve assets; independent audits and financial disclosures must be conducted. Foreign entities issuing stablecoins pegged to currencies other than the UAE dirham must register with the Central Bank of the UAE as foreign payment token issuers. Additionally, foreign currency stablecoins are only allowed for digital asset trading and are not permitted for transactions involving goods and services, nor can they be used for local payments in the UAE.

Stablecoin Custody and Transfer: Must obtain permission from the SCA or any local licensing authority to act as a digital asset service provider. Individuals providing custody services for digital assets can apply for a no-objection registration to execute the custody and transfer of stablecoins. Any other parties seeking to execute custody and transfer of payment tokens must obtain a license from the Central Bank for stablecoin custody and transfer.

Licensed stablecoin service providers must meet the following requirements when conducting stablecoin custody and transfer or stablecoin exchange services:

If the monthly average value of stablecoin transfers initiated, facilitated, executed, guided, or received by the service provider as part of the stablecoin service reaches 10 million dirhams or more, they must hold at least 3 million dirhams in regulatory capital;

If the monthly average value of payment token transfers initiated, facilitated, executed, guided, or received by the service provider as part of the stablecoin service is less than 10 million dirhams, they must hold at least 1.5 million dirhams in regulatory capital.

Additionally, it should be noted that the "Payment Token Services Regulations" apply to individuals or legal entities providing "payment token services" in the UAE, but do not include financial free zones such as the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM). Currently, the Dubai Financial Services Authority (DFSA) has approved the use of USDC, EURC, and RLUSD in the Dubai International Financial Centre.

2.5 Chapter Summary

In summary, this chapter reveals the current international stablecoin regulatory differences and convergence trends in concepts, goals, and institutional design through a systematic comparison of the stablecoin regulatory frameworks in Hong Kong and the United States, as well as a review of policies in other countries and regions (such as Singapore, Japan, South Korea, and the UAE).

First, in terms of regulatory concepts and strategic goals, Hong Kong primarily emphasizes financial stability and systemic risk prevention as its primary objectives, highlighting licensing systems, reserve transparency, and comprehensive AML/CFT controls, reflecting a "risk-first" prudent model; the United States, based on the horizontal application of the BSA, has recently attempted to establish a federal-level stablecoin regulatory framework through the "GENIUS Act," mainly aimed at safeguarding the core position of the U.S. dollar in the global payment system while gradually strengthening prudential requirements for issuers. Singapore's regulation of stablecoins reflects a balance between "encouraging innovation" and "risk prevention"; Japan's regulation is closer to the logic of traditional financial licenses, with banks and trust institutions as issuers; South Korea tends to focus on investor protection, emphasizing the compliance responsibilities of exchanges and issuers; the UAE adopts a "regulatory sandbox + segmented regulation" model, demonstrating strong institutional flexibility and a preference for attracting foreign investment.

Second, in terms of regulatory tools and institutional arrangements, Hong Kong has a clearer definition of the scope of stablecoins, requiring them to be pegged to fiat currencies and establishing relatively strict regulations regarding reserve asset custody, consumer redemption guarantees, and cross-border cooperation; the United States places more emphasis on functional orientation, particularly forming multi-layered, multi-agency parallel regulatory policies in AML/CFT (such as the Travel Rule, SAR/CTR reporting) and consumer protection. Other countries such as Singapore, Japan, and South Korea have also introduced AML/CFT obligations and investor protection measures within their regulatory frameworks, but the focus and openness of each country vary.

Based on the above analysis, the current regulatory paths for stablecoins in various countries and regions mainly reflect three types: the first type, represented by Hong Kong and Japan, emphasizes ex-ante regulation and financial stability; the second type, represented by the United States, emphasizes a functional orientation, seeking a balance between compliance and market development; the third type, represented by Singapore and the UAE, is more flexible in regulation, promoting innovation through segmented pilot programs and regulatory sandboxes. As stablecoins gradually embed into cross-border payments and financial market infrastructure, there is a potential for gradual convergence in mechanisms such as AML/CFT cooperation, reserve transparency, and cross-border mutual recognition among different jurisdictions in the future.

Chapter 3 Financial Security Risks Faced by Stablecoins

3.1 Risk Characteristics of Stablecoins

Due to their anonymity, rapid cross-border transactions, and the complexity of the regulatory environment, stablecoins are exploited by criminals in various scenarios, posing new challenges to financial order stability and social security. Their risk characteristics are mainly reflected in the following aspects:

• 1. Anonymity and Tracking Difficulties

Criminals exploit the anonymous addresses and complex transaction behaviors of stablecoins, increasing the difficulty of tracking. By splitting transactions, using mixing services (such as Tornado Cash), and transferring funds across chains, they create complex money flow paths that make it difficult for regulatory agencies to trace the source and destination of funds. This technical characteristic provides a natural cover for illegal activities such as money laundering and terrorist financing.

• 2. Risks of Algorithmic Stablecoins

Algorithmic stablecoins maintain price stability through smart contracts that dynamically adjust supply and demand (minting/burning mechanisms), but under extreme market pressure, this mechanism may fail, leading to severe price fluctuations or even de-pegging, triggering market and social risks. For example, the "UST collapse incident": the algorithmic stablecoin TerraUSD (UST) issued by the Terra ecosystem lost its 1:1 peg to the U.S. dollar due to market panic and massive withdrawals. The UST price plummeted from $1 to $0.05 in a short time, causing the price of the LUNA token to collapse, with a market value evaporating by over $50 billion. This incident exposed the vulnerabilities of algorithmic stablecoins under structural defects, prompting global regulators to strengthen oversight of stablecoins.

• 3. Smart Contract Vulnerabilities

If there are defects in the smart contract code or if backdoors are maliciously implanted, it may lead to theft of funds or malicious manipulation. Common vulnerabilities include insufficient input validation, calculation errors, and lack of access control.

• 4. Functional Deficiencies of Smart Contracts

Some stablecoin projects lack necessary control capabilities in their functional design, such as freezing functions and transaction limits, making it impossible to take timely action when suspicious transactions are detected.

• 5. Abuse of Privacy-Enhancing Technologies

Privacy technologies such as zero-knowledge proofs (ZKP) can enhance transaction confidentiality but may also be used to completely anonymize transaction details, increasing tracking difficulties. Criminals use such technologies to hide transaction paths, creating a "technical black box" that makes it difficult for regulatory agencies to obtain effective information, resulting in compliance blind spots.

• 6. Regulatory Arbitrage and Cross-Border Regulatory Risks

Stablecoin issuers often choose to register in regions with lax regulations, evading scrutiny through structural design and reducing operational costs. This regulatory arbitrage behavior may lead to ineffective local regulation, creating a transnational regulatory vacuum that poses significant challenges to international anti-money laundering (AML) and counter-terrorism financing (CTF) cooperation.

• 7. Classification of Risk Activities

From the perspective of the social harm of events involving stablecoins, the risk activities associated with stablecoins mainly include:

Illegal activities: such as terrorist financing, human trafficking, drug trafficking, ransomware, fraud, identity theft, and impersonation scams.

Suspicious activities: such as dark web markets, unlicensed gambling, and the use of mixing services.

3.2 Risks of Illegal Activities

3.2.1 Terrorism Financing

On April 3, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced that it had added eight Tron wallet addresses associated with the Houthi movement in Yemen to the Specially Designated Nationals and Blocked Persons (SDN) list, accusing these addresses of participating in illegal financial activities using Tether (USDT).

According to the Treasury, this illegal financial network is controlled by Sa'id al-Jamal, a senior financial officer of the Houthi movement based in Iran. He has been designated as a global terrorist since 2021, and the network he leads involves procuring sensitive goods such as Russian weapons and stolen grain from Ukraine, transporting these materials to areas controlled by the Houthis.

On June 15, 2025, Tether, the issuer of USDT, froze 12.3 million USDT directly targeting the Houthi wallet addresses.

The Houthi case illustrates that digital assets have become an important tool for terrorist financing, arms trading, and other criminal activities. Their anonymity, rapid settlement, and cross-chain characteristics provide criminals with loopholes to evade sanctions.

3.2.2 Human Trafficking and Drug Trafficking

At the beginning of 2025, we provided some information, data, and analytical support for a report by the United Nations Office on Drugs and Crime (UNODC) titled "Inflection Point: The Global Impact of Southeast Asia's Scam Centers, Underground Banking, and Illicit Online Markets." The report points out that the development of transnational organized crime in Southeast Asia is accelerating faster than at any time in history.

This is first reflected in the data related to synthetic drug production, with the supply of methamphetamine in Myanmar's Shan State increasing to record levels over the past decade. At the same time, the number of industrial-scale online fraud and scam centers driven by complex transnational groups, money launderers, human traffickers, data brokers, and an increasing number of other professional service providers and facilitators has surged.

Asian criminal groups have become authoritative market leaders in global online fraud, money laundering, and underground banking, actively strengthening cooperation with other major criminal networks worldwide. The emergence of new illegal online markets in Southeast Asia has further exacerbated this situation, significantly expanding sources of criminal revenue and allowing the scale of transnational organized crime to grow. These platforms not only create new opportunities for expanding operational bases overseas but are increasingly used by criminal groups outside Southeast Asia to launder money and evade the formal financial system. The aforementioned online fraud and other cybercrime activities are closely related to forced human trafficking. Meanwhile, major criminal groups collude with each other, often infiltrating casinos, special economic zones, business parks, and various traditional financial and digital financial services, which have proven to provide all the conditions, infrastructure, and regulatory, legal, and financial guarantees necessary for sustained growth and expansion.

In this context, many criminal groups that have developed to a considerable scale within Southeast Asia and continue to expand in other parts of the world are rapidly diversifying their business scope into multiple key infrastructure areas. This far exceeds the construction and management of physical fraud centers, encompassing online gambling platforms and software services, illegal payment platforms and digital asset exchanges, encrypted communication platforms, as well as stablecoins, blockchain networks, and illegal online markets, which are often controlled by the same criminal network. These organizations have also developed a powerful multilingual workforce composed of hundreds of thousands of human trafficking victims and accomplices.

These developments have rapidly expanded the victim pool of Asian criminal groups globally, exacerbating the existing challenges faced by law enforcement.

3.2.3 Ransomware Attacks

Attackers encrypt the data on victims' devices and demand payment in digital assets such as BTC to restore access. Stablecoins, due to their anonymity, convenience for cross-border payments, and irreversibility of transactions, are often used by ransomware gangs in money laundering operations after receiving ransom payments.

Risk Case: On March 7, 2025, the U.S. Department of Justice (DOJ) took joint action with German and Finnish authorities to seize the Russian digital asset exchange Garantex, which had been investigated multiple times for allegedly helping ransomware gangs launder money. It is said to have deep connections with the global cybercrime economy, with ransomware gangs like Conti relying on Garantex for money laundering. The exchange helped ransomware gangs clean the digital assets obtained from their extortion, allowing them to convert Bitcoin into USDT and other crypto stablecoins before transferring them to other exchanges for conversion into fiat currencies like the U.S. dollar.

3.2.4 Fraud and Identity Theft

Identity theft and fraud are among the most serious cybercrimes. They can cause long-term, devastating, and even irreparable consequences for affected individuals, groups, and companies. In recent years, stablecoins have increasingly appeared in related scenarios due to their widespread consensus and rapid transaction characteristics, such as: the sale of hacking tools, illegal rental of personal accounts, illegal sale of personal information, payments from fraud victims, and payments from extortion victims.

Risk Cases:

1. Fraud activities using stablecoins as a gimmick: With the implementation of the "Stablecoin Regulations" in Hong Kong, the concept of "stablecoins" has gained significant attention. However, as the market becomes euphoric, illegal activities exploiting "stablecoins" have also begun to emerge.

For example, since July 2025, financial management departments and industry self-regulatory organizations in multiple regions, including Zhejiang, Shenzhen, Beijing, Suzhou, Chongqing, Ningxia, and Henan, have issued risk warning announcements, emphasizing and reminding that "stablecoins" are being exploited by criminals, and their potential risks warrant high vigilance. Hong Kong regulatory authorities have also issued multiple warnings, reminding the public to be cautious of scams using the concept of stablecoins. Additionally, authoritative media such as the Economic Daily have focused on reporting the related risks of stablecoins.

Recently, there have been numerous scams claiming to be "JD Stablecoin." They boast of "state-owned background," "guaranteed profits," and "strong endorsements from Dong Ge," with some even sharing "profit screenshots" urging you to "get on board" quickly. JD.com has issued two statements clarifying that the so-called "JD Stablecoin" has not been issued at all, and all related investment information in the market is a scam.

2. Fraud activities using stablecoins as a channel: On June 26, 2025, a wealth management platform called "Xinkangjia," claiming to be backed by the "Dubai Gold and Commodities Exchange (DGCX)" and promising "1% daily interest," collapsed. The platform had companies in multiple locations across the country (Guizhou, Suzhou, Chongqing, Sichuan, Xiangtan, Shenzhen, etc.), with the amount involved reaching hundreds of billions, affecting approximately 2 million investors.

The DGCX Xinkangjia platform used the digital asset USDT for project participation and fund settlement. Registration required an invitation code and was almost exclusively spread within familiar circles. Participants had to pay a minimum entry fee of 1000 USDT, and users needed to purchase USDT for recharge. However, due to the complexity and difficulty of the operation, most newcomers would directly convert U into RMB and transfer it to their superiors. The USDT deposited by users went directly into a private wallet controlled by the platform.

3. Personal identity information theft: In March 2025, the incident of a "13-year-old girl participating in 'unboxing' online bullying against a pregnant woman" quickly became a focus of online discussion, bringing the term "unboxing" into the spotlight and exposing a corner of the black and gray industrial chain of citizen information leakage. On the overseas instant messaging software Telegram, accounts providing unboxing services listed over 50 items of user privacy information, including ID card information, household registration, marriage records, exit and entry records, delivery addresses, and asset transaction records. Users could obtain this information by recharging a sufficient amount.

From the perspective of the leakage paths of personal information, identity theft has formed a gray industrial chain. Within this chain, there are groups and individuals specifically engaged in collecting and leaking personal information, intermediaries who purchase personal information data from leaking sources, and individuals and groups who buy personal information from intermediaries to commit various crimes. The transaction payment methods between them, in addition to WeChat and Alipay, also involve digital assets like USDT. If one needs to inquire about the phone number, address, and educational background of the person being "unboxed," the price ranges from "dozens of U" to "hundreds of U" per item.

According to monitoring by Beosin's Alert platform, there are currently at least hundreds of public groups involved in personal data trading on Telegram, most of which use USDT for payments. These public group businesses include loans, insurance and other financial data, hacked government or enterprise data, and the sale of personal privacy data related to "unboxing."

3.2.5 Impersonation Fraud Attacks

Criminals frequently engage in phishing attacks by impersonating the official websites or applications of digital asset financial institutions, causing users to suffer losses due to their inability to distinguish between real and fake.

Risk Case:

Hubei Ezhou "OURBIT" platform fraud case: A fraud gang established the "OURBIT Digital Asset Trading Platform," claiming to be "registered in Singapore" and "holding financial licenses from the U.S. and the U.K." They launched gimmicks like "new profit-taking and stop-loss" and "first-ever zero slippage trading," forged trading candlestick charts based on Bitcoin market prices, and fabricated the illusion of trading nine types of digital assets, creating a professional and compliant platform image to attract investors. The platform used USDT for deposits and withdrawals, with the amount involved reaching 460 million yuan.

Zhejiang Wenzhou digital asset wallet theft case: Mr. Zhu was lured by "Lulu," who impersonated a digital asset wallet promoter, to scan a QR code and install malicious counterfeit digital asset wallet software. This software stole his wallet mnemonic phrase through a backdoor program, directly stealing all digital assets (including USDT and other stablecoins).

3.3 Suspicious Activity Risks

3.3.1 Dark Web Markets

Due to their anonymity, convenience, and global circulation characteristics, stablecoins have become one of the commonly used currencies in dark web transactions. In dark web trading, buyers and sellers can make anonymous payments using USDT, bypassing the regulation of traditional financial institutions. This has led to widespread use of USDT in dark web transactions and facilitated the development of dark web trading. Some dark web platforms have accepted stablecoins as a payment method for illegal goods (such as user data, drugs, etc.).

3.3.2 Guarantee Platforms

Southeast Asia's black and gray industries have formed a new criminal infrastructure centered around stablecoins like USDT. Criminal groups use decentralized channels such as stablecoins and Telegram groups to provide instant settlement services for online fraud, cross-border gambling, and other crimes, even forming a closed-loop ecosystem of funds pooling, guarantees, and exchanges. Guarantee platforms have rapidly developed as a new money laundering channel in recent years, with both user and fund scales growing exponentially. Data shows that from 2021 to 2025, the number of users on various guarantee platforms exceeded 460,000, with transaction volumes exceeding 10.9 billion USDT (approximately 79.4 billion yuan). As of 2025 (up to April 25), the number of users on guarantee platforms exceeded 110,000, with transaction volumes exceeding 2.7 billion USDT (approximately 19.6 billion yuan).

Table 3-1 Overview of Some Guarantee Platforms

| Platform Name | Transaction Volume in the First Half of 2025 | Public Group Users | Status | |-------------------|--------------------------------------------------|-----------------------|------------| | Huibang Guarantee | 1.946 billion USDT | 290,000 | Established in 2021, it is the most well-known and largest market on Telegram serving the black and gray industries, now announced to cease operations. | | New Coin Guarantee | 1.53 billion USDT | 150,000 | The second-largest guarantee platform on Telegram, previously affected by Huibang, temporarily banned, now fully unbanned and operating normally, with an increase in user numbers. | | Potato Guarantee | 93 million USDT | 140,000 | After the collapse of Huibang, it announced to redirect merchants and users to the Potato Guarantee platform, with a noticeable increase in user numbers and on-chain transaction funds. Potato Guarantee previously published information about Huibang's investment, which has now been deleted. | | Binance Guarantee | 9.45 million USDT | 90,000 | Established in 2023, it has steadily developed through industry integration and mergers, now gradually becoming the third-largest guarantee platform on Telegram. | | Shengfeng Guarantee | 16.06 million USDT | 11,000 | Shengfeng Guarantee has been engaged in white asset acceptance and large cash business since 2020, opening a guarantee department in December 2023, mainly providing guarantees for acceptance and channels. |

1. Introduction to the Huibang Guarantee Case

"Huibang Guarantee" was established in 2021 as an online guarantee platform based on Telegram and is the most well-known and largest market on Telegram serving the black and gray industries, later renamed "Haowang Guarantee."

Haowang Guarantee publicly claims to be merely a guarantee platform for facilitating transactions, but in reality, it has long provided assistance for money laundering, fraud, and other transnational criminal activities in Southeast Asia. Platform merchants openly sell fraud technology tools, human trafficking-related tools, citizen privacy data, and USDT-based money laundering services, with total transaction amounts reaching at least $27 billion.

As of the end of April 2025, Beosin found that Haowang Guarantee had over 290,000 users, with more than 6,000 merchants providing services, covering 12 major business categories and over 70 subcategories, accumulating over 500,000 related on-chain address tags.

2. Crackdown on Guarantee Platforms like Huibang

On July 13, 2024, Tether, the issuer of USDT, announced the freezing of approximately 29.62 million USDT assets in addresses related to the Huibang platform, accusing the platform of assisting in money laundering activities through funds obtained from hacking incidents involving institutions like DMM Exchange and Poloniex.

In early 2025, Apple and Google removed the app developed by Huibang Group;

In January 2025, the National Bank of Cambodia revoked the operating license of "Huibang Payment," marking its illegality in the region;

On May 1, 2025, the U.S. Department of the Treasury's Financial Crimes Enforcement Network designated Huibang Group as a "foreign financial institution of primary money laundering concern," intending to include it in the "significant money laundering concerns" list under "Section 311";

On May 13, 2025, thousands of channels, merchant accounts, and groups related to Haowang Guarantee and New Coin Guarantee that were associated with crypto fraud were banned en masse by Telegram, after which "Haowang Guarantee" announced its cessation of operations.

According to monitoring by Beosin's Alert platform, following the cessation of operations of platforms like Haowang, many involved in the black and gray industries of digital assets quickly shifted to other guarantee platforms' public groups to continue operations. Since 2024, a new batch of second-tier guarantee platforms has emerged, such as New Coin Guarantee, Potato Guarantee, and Shengfeng Guarantee, which have launched more differentiated guarantee trading public group services. Notably, there are also hundreds of small and medium guarantee platforms that operated briefly, providing transaction guarantee services for illegal trades with greater social harm, such as drugs, human trafficking, smuggling, and more.

3.3.3 Typical Money Laundering Business Cases

Taking the "cash/gold/physical + return to U" type of money laundering crime that has frequently appeared across mainland China as an example. In past telecom network fraud cases, the money defrauded from victims was generally transferred to the fraudsters through bank cards, third-party payments, and other means. As Chinese public security agencies have intensified their crackdown on telecom network fraud, it has become increasingly difficult for fraudsters to transfer funds related to fraud through traditional means, leading them to abandon traditional methods of fund transfer and revert to the most primitive method—collecting cash in person.

After defrauding victims of their funds through persuasive language, scammers often use phrases like "cash recharge has high timeliness and strong transaction security" or "online recharge channels are temporarily under maintenance" to lure victims into handing cash directly to "U merchants" who come to their door. In reality, these so-called "U merchants" are often "runners" carefully arranged by the fraud gang, whose core function is to quickly complete offline cash collection, facilitating the efficient transfer of fraud-related funds.

In specific operations, criminals recruit "door-to-door cash collection teams" through guarantee public groups on the Telegram platform, thereby deceiving victims into handing cash to "coin merchants" (who are actually cash collection runners). The team instructs the runners to collect cash from victims at the agreed time, and after the cash is collected, the funds are immediately converted into USDT and transferred to an on-chain address designated by the upstream criminal gang, forming a complete criminal chain of "overseas fraud - domestic cash collection - digital asset money laundering."

Currently, the items and methods used for door-to-door cash collection are also gradually upgrading. The items defrauded in "door-to-door cash collection" have expanded from cash to include gold, jewelry, luxury goods, electronic products, and more, making the targets for "cash collection" more diverse and easier to obscure from scrutiny. In addition to direct door-to-door transactions, scammers may also arrange to meet victims in some hidden and remote locations for transactions, or even have victims transfer fraud-related funds through express delivery, ride-hailing, or flash delivery, making it even more concealed and increasing the challenges for law enforcement.

Risk Case:

On August 19, 2025, the Maldives Police Service issued a notice reminding the public to be aware of a new type of scam emerging within the country. This scam is typically carried out by unidentified third-party intermediaries. The scammers contact both USDT sellers and Chinese citizens holding cash, arranging for offline transactions between the two. The Chinese citizens pay cash on the spot, while the sellers transfer USDT to the wallet address provided by the scammers. After the transaction is completed, the scammers disappear, and neither party receives the expected return, with the funds being taken by the intermediary, leading to mutual misunderstandings and difficulties in accountability. This scam specifically targets foreigners, especially Chinese citizens.

In August 2025, the Public Security Bureau of a southern county in Sichuan successfully dismantled a money laundering gang impersonating U merchants. On August 5, a resident reported to the police that they had been defrauded of 80,000 yuan while investing in digital assets, with the fraudster collecting cash offline in two instances outside a local tea house. After investigation, the special task force identified the vehicles and suspects involved, discovering that they had fled to Nanchong, Suining, and Chengdu on August 6. That evening, the police arrested four suspects in Chongzhou and seized 225,000 yuan in involved funds and two vehicles. Investigations revealed that the gang had been impersonating U merchants to commit fraud in multiple locations, and the case is still under further investigation.

According to monitoring data from Beosin-AML, there are long-term, high-frequency "money laundering teams" operating in 34 provinces, municipalities, and autonomous regions in mainland China, with an average single order amount exceeding 100,000 yuan. In some high-incidence provinces, the daily order volume can reach dozens. The scale and professional characteristics of such criminal activities have drawn significant attention and proactive responses from public security departments. According to reports, regions such as Beijing-Tianjin-Hebei, the Yangtze River Delta, and the Pearl River Delta are continuously optimizing the warning and deterrence system against telecom network fraud crimes through a "combination of attack and defense," strongly intercepting and cracking down on the "offline cash collection" segment, establishing a rapid interception and strike mechanism for fraud-related cash collection clues, and deeply investigating and combating "cash collection runners" and the organizational chains behind them, forming a preliminary "monitoring - warning - crackdown" full-chain governance model.

3.3.4 Unlicensed Online Gambling Services

Unlicensed gambling platforms utilize stablecoins for rapid, anonymous fund settlement. Online gambling platforms (especially illegal platforms operating across borders) are "heavy users" of stablecoins. These platforms typically do not accept direct deposits in fiat currency (to avoid bank regulation) but require users to convert fiat currency into stablecoins and then transfer them to designated addresses on the platform, with betting funds settled and withdrawn entirely in stablecoins. By circumventing traditional financial regulation, the cross-border characteristics of stablecoins make them the preferred payment method for such platforms. Once stablecoins enter the gambling platform's fund pool, they may mix with funds from fraud, extortion, theft, etc., further contaminating and spreading through user withdrawal operations, causing serious harm to financial regulation and crime fighting.

Numerous online gambling platforms providing services to Chinese citizens allow gamblers to use stablecoins for deposits and withdrawals. According to monitoring by Beosin's Alert platform, the transaction volume on online gambling platforms exceeded $38 billion in 2024, with a significant proportion involving stablecoins.

1. Common Types of Online Gambling Involving Stablecoins

Traditional online gambling with digital asset deposits/withdrawals: In this type of online gambling, gambling platforms typically offer multiple deposit and withdrawal methods, such as bank cards, third-party payment platforms, fourth-party payment platforms, and USDT stablecoins. Gamblers can choose to deposit and withdraw directly using USDT.

New blockchain hash gambling: This new form of blockchain hash gambling is currently very popular among online gambling involving digital assets. Unique blockchain hash values are generated during the transfer of digital assets, and this type of gambling uses the last few digits of the generated block hash value, odd/even, the sum of the digits, and combinations of numbers and letters as the basis for determining wins and losses. The platform uses smart contracts to determine the outcomes and return rewards in real-time, allowing for quick betting and payouts without requiring users to register an account, with the casino's fund pool being verifiable in real-time.

2. Risk Cases of Stablecoins Involved in Online Gambling Reported

$400 million USDT online gambling money laundering case: According to accusations from public security agencies, a programmer living abroad for a long time helped multiple gambling platforms complete a total of over 400 million USDT in betting fund settlements over the past two years, equivalent to approximately 2.7 billion yuan; his personal illegal profits exceeded 900,000 USDT, about 6 million yuan. The programmer is accused of providing digital asset payment settlement services for multiple overseas gambling websites, suspected of constituting the crime of operating a casino.

3.3.5 Mixers and Cross-Chain/Exchange Platforms Maliciously Used

Stablecoins have long been a major circulating asset within financial tools such as mixers, cross-chain bridges, exchange pools, and privacy wallets, with stablecoin holders using their stability to reduce the risk of value fluctuations in transactions. However, these financial tools are often maliciously exploited by criminals as tools to sever the transaction links of digital assets and obscure the sources and destinations of funds, rendering transaction records on the blockchain untraceable. Their main usage scenarios include money laundering of online crime funds and the circulation of funds to evade sanctions.

Money laundering of online crime funds: Stolen coins, robbery, and hacker attack groups process involved funds through mixers in multiple layers before converting them into stablecoins for phased cashing out, leveraging the wide acceptance of stablecoins to quickly convert them into fiat currency or other assets.

Circulation of funds to evade sanctions: Entities or individuals under international sanctions process funds through mixers or privacy wallets to bypass the restrictions of traditional financial systems, achieving cross-border movement of funds.

Table 3-2 Overview of Typical Mixers and Cross-Chain Exchange Platforms

| Platform Name | Stablecoin Transaction Amount in the First Half of 2025 | Total Transaction Amount in the First Half of 2025 | Status | |-------------------|------------------------------------------------------------|------------------------------------------------------|------------| | Tornado Cash | $10 million | $1.437 billion | Tornado Cash is a decentralized, non-custodial privacy solution. It enhances transaction privacy by breaking the on-chain link between source and target addresses. It has been deployed on public chains such as ETH, BSC, Polygon, Optimism, Arbitrum, Gnosis, and Avalanche. | | THORChain | $1.7 billion | $12.827 billion | THORChain is a decentralized exchange (DEX) that allows users to swap digital assets directly between different blockchains (such as Bitcoin, Ethereum, Litecoin, BSC, Tron, etc.). | | LI.FI | $10.6 billion | $15.263 billion | LI.FI is a cross-chain aggregator. It is not a bridge itself but finds the best routes for users to transfer assets between different chains (optimal price, fastest speed). It intelligently routes through multiple different cross-chain bridges and DEXs. | | Across | $2.79 billion | $6.88 billion | Across Protocol is an emerging cross-chain bridge built on UMA's Optimistic oracle. It combines Optimism oracles, relayers, and single-sided liquidity pools to provide decentralized instant trading between chains, currently supporting networks such as Ethereum, Arbitrum, Optimism, and Polygon. | | Uniswap | $240 billion | $790 billion | Uniswap is the largest and most influential decentralized exchange (DEX) on the Ethereum blockchain. It allows users to trade various Ethereum-based tokens (ERC-20 standard) directly from a digital asset wallet without permission, anonymously, without needing to register an account or complete KYC verification through centralized intermediaries like Coinbase or Binance. Its core features include non-custodial, permissionless & no KYC, automated market maker (AMM) model, and free listing. | | PancakeSwap | $75 billion | $735 billion | PancakeSwap is the largest decentralized exchange (DEX) and automated market maker (AMM) on the Binance Smart Chain (BSC). Users interact with it through non-custodial wallets (like MetaMask, Trust Wallet), fully controlling their funds without registration or KYC. Its core features include being based on the BSC chain, low fees, AMM model, non-custodial & permissionless, and free listing, with over 25 million active user addresses in the first half of 2025. |

1. Tornado Cash Used by Criminals for Money Laundering Case

Ronin Bridge Hacking Incident: In March 2022, attackers associated with the North Korean hacker group Lazarus Group exploited a vulnerability in the Ronin Bridge under Axie Infinity, stealing 173,600 ETH and 25.5 million USDC, with a total value at the time reaching $625 million. Subsequently, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctions report explicitly stated that the hackers used Tornado Cash to launder part of the stolen funds, mixing the stolen ETH through Tornado Cash before transferring it to other addresses for exchange or transfer, laundering over $455 million in digital assets stolen from the Ronin Bridge.

Xinkangjia Investment Fraud Case: The project used stablecoins for deposits and withdrawals, quickly transferring funds across borders when it ran away, involving approximately 13 billion yuan, with around 2 million investors. Within just 48 hours before the collapse, the project team used a mixer (Tornado Cash) to rapidly transfer about 1.8 billion USDT funds overseas.

2. THORChain and LI.FI Used by Criminals for Money Laundering Cases

Bybit Hacking Incident: On the evening of February 21, 2025, the ETH cold wallet of the digital asset trading platform Bybit was hacked, resulting in stolen assets valued at nearly $1.5 billion. First, the hackers continuously split the stolen funds and transferred them to multiple other addresses controlled by them. Subsequently, the hackers exchanged USDT and ETH for BTC through exchanges and cross-chain operations such as Chainflip, ChangeNow, Thorchain, LI.FI, and DLN, further transferring and concealing the flow of funds. Among these, cross-chain platforms like Thorchain and MayaSwap became the main channels for transferring the stolen funds from Bybit. Finally, the hackers further obscured the funding path by mixing the exchanged BTC through a mixer, laundering the stolen funds.

Figure 3-6 Analysis of Hacker Stolen Funds Flow

3. Money Laundering Cases Involving Exchange Platforms

On October 16, 2024, Radiant Capital encountered a security vulnerability, resulting in a loss of approximately $50 million. The hackers transferred the funds through mixers and cross-chain bridges to cut off the traceability of the funds. Recently, the hacker group sold 2,496 ETH at a price of $4,741 each, obtaining approximately $11.83 million in DAI.

3.4 Chapter Summary

Currently, global law enforcement agencies have established a multi-layered response system to address the risks associated with stablecoins, forming a comprehensive regulatory network through technical tracking (such as blockchain analysis tools), judicial cooperation (such as cross-border asset freezing), and policy regulations (such as Hong Kong's "Stablecoin Ordinance").

According to monitoring by Beosin's Alert platform, as of August 24, 2025, the total circulating supply of USDT was approximately 167.1 billion, with over 2.505 billion USDT frozen on the Ethereum, TRON, Arbitrum, and Avalanche chains, accounting for 1.49%; the total circulating supply of USDC was approximately 67.5 billion, with over 108 million USDC frozen on the Ethereum, TRON, POLYGON, and Arbitrum chains, accounting for 0.16%.

Although the scale of funds used for illegal activities involving stablecoins has raised concerns, their proportion in actual transaction volumes remains relatively limited. We believe that as anti-money laundering standards are upgraded (such as the implementation of FATF travel rules and the mandatory freezing function of smart contracts), the risk exposure is gradually narrowing.

As the world's first jurisdiction to establish a regulatory framework for stablecoin issuers, Hong Kong relies on a "100% collateral + legal audit + real-time monitoring" triad mechanism, combined with on-chain tracking technology provided by institutions like Beosin, to form a risk prevention and control system covering the entire process of issuance, circulation, and redemption of stablecoins. Based on mature financial infrastructure and cross-border cooperation networks, there is already sufficient capability to ensure financial innovation while establishing Hong Kong's stablecoin projects as a global compliance benchmark.

Chapter 4 Hong Kong Stablecoin Anti-Money Laundering Technical Solutions

4.1 Overall Solution and Key Technology Introduction for Stablecoin Regulation

In the Web3 ecosystem, stablecoins serve as a key hub connecting traditional finance and the digital economy. Throughout their lifecycle, from issuance preparation, transaction circulation, operational monitoring, to asset redemption, various stages face security and compliance risks. This solution focuses on three core dimensions: source prevention, dynamic monitoring, and precise governance, constructing a security protection system covering the entire lifecycle of stablecoins, providing a comprehensive security solution for stablecoins:

Figure 4-1 Beosin "One-Stop" Stablecoin Security and Compliance Technical Solution

Based on the overall solution for stablecoin regulation technology, and in accordance with the regulatory requirements of Hong Kong's "Stablecoin Ordinance" and "Guidelines for Combating Money Laundering and Terrorist Financing," a targeted stablecoin regulatory solution based on a whitelist of stablecoin smart contracts has been proposed. The main features of this solution are as follows:

• The whitelist enables closed-loop ecological flow of stablecoin funds.
• KYT/KYA achieves real-time risk assessment of stablecoin transactions and wallet addresses.
• Contract operation monitoring enables real-time monitoring of operations such as stablecoin issuance, destruction, and freezing.
• Situation analysis allows for monitoring of transaction risks and asset distribution analysis for stablecoins.
• TransTracer enables tracking and tracing of risky funds.
• Issuers and financial institutions confirm customer identity information in accordance with the Travel Rule.

Figure 4-2 Regulatory Technical Solution Based on the "Hong Kong Stablecoin Ordinance"

The stablecoin regulatory technical solution involves the following key technologies:

1. KYC

KYC ("Know Your Customer") is a core process executed by financial institutions, payment platforms, digital asset exchanges, peer-to-peer lending companies, and other entities that handle funds or sensitive business to comply with anti-money laundering (AML) and counter-terrorist financing (CFT) requirements. Its essence is to confirm the authenticity of customer identities by collecting and verifying identity information (such as ID cards, passports, proof of address, etc.), understanding the source of customer funds and the purpose of their business, and assessing the risk level of customers, thereby eliminating the possibility of identity fraud or using the platform for illegal activities such as money laundering, fraud, or terrorist financing, ultimately ensuring compliance operations while maintaining the security of the financial system and business ecosystem.

2. KYT

KYT ("Know Your Transaction") is a real-time monitoring and risk screening process implemented by financial institutions, payment platforms, digital asset exchanges, etc., based on completed KYC to further prevent illegal financial activities such as money laundering, terrorist financing, and fraud. Its core is to track key information for each transaction in real-time through the system — including transaction amount, transaction frequency, fund flow, identity and region of counterparties, and whether the transaction pattern aligns with the customer's historical behavior — and compare this information with AML and CFT-related risk lists (such as international sanctions lists, high-risk country/region lists, and suspicious transaction pattern databases). If any abnormal transactions are detected (such as sudden large fund transfers, frequent transactions with high-risk region accounts, or transaction patterns that severely deviate from the customer's identity background), alerts will be triggered immediately, and subsequent verification and reporting processes will be initiated, thereby blocking illegal fund flows at the transaction stage and adding a "real-time protective net" to the security of the financial system.

3. KYA

In the digital asset context, KYA focuses on "Know Your Address" and extends to "Digital Asset Address Risk Assessment." Its essence is the on-chain risk screening, tracing, and grading process conducted by digital asset trading platforms, wallet service providers, and on-chain compliance institutions regarding the blockchain addresses used by users (such as BTC, ETH, USDT, etc.). This is a core component of the anti-money laundering (AML), counter-terrorism financing (CFT), and anti-fraud compliance systems for digital assets, and it serves as an on-chain extension of traditional KYC identity verification — after all, while blockchain addresses are highly anonymous, on-chain transaction records are publicly traceable, and address risk is directly related to the legality of funds. The core assessment logic revolves around three dimensions of "historical behavior, relational connections, and compliance attributes" of on-chain addresses, specifically including:

(1) Address Historical Transaction Risk: Using on-chain explorers or compliance tools to trace the transaction records of addresses to determine whether there are high-risk behaviors — for example, whether they have received/transferred "hacker proceeds" (such as funds flowing in from known stolen wallet addresses), "dark web funds" (interacting with addresses of dark web trading platforms), "mixed funds" (splitting/mixing fund sources through mixers to evade tracking), or frequently engaged in typical money laundering transaction patterns such as "small amount aggregation - large amount transfer" or "cross-chain rapid transfer."

(2) Address Associated Entity Risk: Checking whether the address is linked to "high-risk entities" — for example, whether it belongs to individuals/organizations sanctioned by regulatory agencies worldwide (such as FATF, OFAC), addresses of publicly listed illegal exchanges, addresses of pyramid schemes/fraud funds, or whether there are financial transactions with known money laundering groups or terrorist financing networks.

(3) Address Compliance Attribute Risk: Assessing the "transparency" and "compliance record" of the address — for example, whether it is an "anonymous address" (never linked to compliant platforms with real-name information, used only for anonymous transactions), a "dormant address" (suddenly activated with a large amount after a long period of inactivity, suspected of evading monitoring), or has been marked as a "risky address" by security agencies due to involvement in illegal transactions.

The core purposes of such assessments are twofold: first, from a compliance perspective, to meet the regulatory requirements of various countries for the digital asset industry (such as FATF's "travel rule" requiring tracking of on-chain fund flows to ensure traceability), avoiding regulatory penalties or license revocation risks for platforms handling high-risk address funds; second, from a risk prevention perspective, to protect the fund security of platforms and legitimate users — for example, if a user's deposit address is assessed as "high risk," the platform can trigger an alert, requiring the user to explain the source of funds, or restrict deposit and withdrawal operations for that address to prevent illegal funds from entering the platform, or to prevent users from inadvertently transferring funds to a stolen address, resulting in their funds being frozen.

4. Travel Rule

The Travel Rule is a key compliance framework established by the Financial Action Task Force (FATF), the core international organization for anti-money laundering and counter-terrorist financing. Its core is to prevent money laundering, terrorist financing, and proliferation financing by proposing cross-institutional identity information transmission requirements for "fund or value transfer services" (covering both traditional finance and digital asset sectors): when the transfer amount of funds or digital assets reaches or exceeds the threshold set by FATF (typically €1,000/$1,000 in traditional finance, with reference to this standard in the digital asset sector), the sending institution (such as banks, payment institutions, digital asset exchanges) must proactively provide "complete identity information of the sender and receiver" (including name/institution name, account/blockchain address, residential/registered address, contact information, etc.) to the receiving institution, which must verify the authenticity of the information, properly maintain records, and cooperate with regulatory agencies during inspections; its essence is to break the "identity anonymity" in fund/asset transfers, achieving full-chain traceability of fund flows, thereby blocking illegal fund transfers at the transaction stage. This has become a mandatory anti-money laundering compliance requirement that financial institutions and digital asset service providers in most countries and regions must adhere to, while also promoting the coordinated unification of compliance standards in both traditional finance and digital finance sectors.

5. Stablecoin Smart Contracts

Stablecoin smart contracts are token contracts deployed on blockchains (such as Ethereum, Solana) that implement the issuance and management of digital currencies pegged to fiat or other assets through pre-set automated code protocols. They achieve transparent issuance, redemption, transfer, and other functions through on-chain verifiable logic, and combine reserve proof, permission control, and compliance mechanisms (such as KYC/AML, freezing functions) to ensure price stability, security compliance, and traceability, forming the technical core of the stablecoin system. The functional interfaces of stablecoin smart contracts must meet relevant standard specifications, such as ERC-20, ERC-3643, etc. Stablecoin smart contracts can implement prohibitions on transfers and normal releases during the token transfer process by setting black/white lists and identity authentication.

6. Blacklists and Whitelists of Stablecoin Smart Contracts

The blacklist and whitelist mechanism of stablecoin smart contracts is a core permission control module built into the contract, primarily serving to manage precise access and restrictions on on-chain transfer operations of stablecoins. In actual operations, licensed entities (such as compliant stablecoin issuers and regulatory-qualified custodians) can rely on pre-set permissions in the contract to include specific addresses (such as those related to sanctions or money laundering risks) in the blacklist. Once an address is blacklisted, any stablecoin transfer requests initiated from that address will be automatically intercepted by the contract, and the transfer transaction cannot be executed normally. At the same time, licensed entities can also include compliant addresses (such as legitimate user accounts and partner financial institution addresses) that have passed KYC/AML verification in the whitelist, allowing only transfer operations initiated from whitelisted addresses to be recognized and executed by the contract. This "dual permission control" meets anti-money laundering (AML), counter-terrorist financing (CFT), and regulatory compliance requirements, ensuring the security of the stablecoin circulation ecosystem.

4.2 Stablecoin Whitelist and Its Contract Security Audit

4.2.1 Stablecoin Whitelist Structure

_Regulatory Text: _"Guidelines for Licensed Stablecoin Issuers under the Stablecoin Ordinance"

_Section 6.5.3: _Licensees should identify all operations related to each specified stablecoin throughout its entire token lifecycle, including deployment, configuration, minting, burning, upgrading, pausing, resuming, blacklisting, unblacklisting, freezing, unfreezing, whitelisting, and any use of operational wallets. For each operation, the licensee should establish an authorization level commensurate with the risk level of that operation, as well as the triggers and conditions required for execution.

_Regulatory Text: _"Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

_Section 5.11: _Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the Monetary Authority requires licensees to act cautiously when determining whether their systems are sufficient to mitigate the money laundering and terrorist financing risks associated with licensed stablecoin activities (especially those involving peer-to-peer transfers between non-custodial wallets). Unless the licensee can prove to the Monetary Authority and convince them that such risk mitigation measures can effectively prevent and combat money laundering, terrorist financing activities, and other crimes, the identity of each stablecoin holder should be verified by one of the following parties: (i) the licensee (even if the holder has no customer relationship with the licensee); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

To ensure that only wallet addresses verified for identity can hold stablecoins, stablecoin licensees can set up a whitelist in the smart contract and grant the licensee and qualified institutions joint management rights over the contract whitelist. The operational process generally follows these steps:

• The licensee and institution conduct KYC registration, certification, and storage of user information.
• The licensee and institution manage registered wallet addresses in the contract, i.e., adding addresses to the contract whitelist.
• The licensee and institution confirm information for both parties in the transfer under the off-chain Travel Rule.
• Conduct real-time and periodic risk assessments on whitelisted addresses; if a change in risk level is detected, promptly remove the address from the whitelist or place it on the blacklist.

Figure 4-3 Stablecoin Smart Contract Whitelist Solution

4.2.2 Stablecoin Smart Contract Design

_Regulatory Text: _"Guidelines for Licensed Stablecoin Issuers under the Stablecoin Ordinance"

_Section 6.5.3: _Licensees should identify all operations related to each specified stablecoin throughout its entire token lifecycle,

which should include deployment, configuration, minting, burning, upgrading, pausing, resuming, blacklisting, unblacklisting, freezing, unfreezing, whitelisting, and any use of operational wallets.

_Regulatory Text: _"Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 5.10: All on-chain stablecoin transactions will be automatically recorded in real-time on the blockchain where the transaction occurs, providing a certain level of traceability for transactions and helping to identify potential illegal activities and the wallet addresses involved in such activities. Without contravening Section 5.11, licensees may implement various measures to mitigate the risk of stablecoins being used for illegal activities. Examples of such measures include: (a) adopting appropriate technological solutions (such as blockchain analysis tools) to continuously screen stablecoin transactions and related wallet addresses outside the initial distribution scope; (b) blacklisting wallet addresses identified as being related to sanctions or illegal activities; and/or (c) promptly freezing the relevant stablecoins upon receiving requests from regulatory authorities or law enforcement agencies or court orders.

Section 5.11: Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the Monetary Authority requires licensees to act cautiously when determining whether their systems are sufficient to mitigate the money laundering and terrorist financing risks associated with licensed stablecoin activities (especially those involving peer-to-peer transfers between non-custodial wallets). Unless the licensee can prove to the Monetary Authority and convince them that such risk mitigation measures can effectively prevent and combat money laundering, terrorist financing activities, and other crimes, the identity of each stablecoin holder should be verified by one of the following parties: (i) the licensee (even if the holder has no customer relationship with the licensee); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

Section 6.36: (b) Regularly and/or upon the occurrence of triggering events (for example, when the licensee is continuously monitoring stablecoin transfers with counterparties or becomes aware of any greater money laundering and terrorist financing risks from other information (such as negative news reports from credible media or public information indicating that the counterparty has been involved in any targeted financial sanctions, money laundering, and terrorist financing investigations or regulatory actions), review the information obtained from the due diligence measures taken regarding stablecoin transfer counterparties as per Section 6.33, and (if applicable) update the risk assessment of stablecoin transfer counterparties.

1. Functional Requirements of Stablecoin Smart Contracts

According to the guidelines, the smart contract must implement the following identity verification and operation management requirements:

• l Deployment: Place the smart contract code "on-chain," turning it into a runnable program that users can call. After deployment, the contract address is fixed, and the code cannot be arbitrarily changed (unless an upgrade mechanism is designed);
• l Configuration: Adjust operational parameters within the allowed range of the contract (e.g., token name, token precision, permission allocation, etc.);
• l Minting: The stablecoin issuer adds new token issuance and sends the newly issued stablecoins to a specified address. After minting new stablecoins, the total supply of stablecoins increases. For fiat-pegged stablecoins, minting must correspond to the increase in fiat reserves off-chain;
• l Burning: Permanently remove tokens from circulation and deduct tokens from a specified address, commonly used in redemption scenarios (when users exchange stablecoins for fiat);
• l Upgrading: If the stablecoin contract adopts an upgradeable technical architecture, the stablecoin issuer can upgrade the business logic of the stablecoin. Upgrades can add new business functions to meet the latest regulatory requirements or fix current code defects;
• l Pausing/Resuming: Temporarily disable part or all of the contract's functions (such as transfers, minting, redemption, etc.) under emergency or judicial/compliance requirements; resuming unlocks the corresponding capabilities;
• l Freezing/Unfreezing: Mark addresses identified as illegal or high-risk as "blacklisted," prohibiting them from receiving or transferring stablecoins; unblacklisting restores their normal transfer capabilities;
• l Whitelisting: Only accounts that have undergone KYC/due diligence and received approval can participate in certain sensitive operations (such as initially receiving newly minted coins, participating in redemptions, or directly connecting with custodial accounts of the issuer).

According to the guidelines, the smart contract must implement the following transaction control and real-time screening requirements:

Although regulatory requirements do not mandate the adoption of specific token standards, they clearly state that stablecoin contracts must have comprehensive governance and compliance functions, including: token minting and burning, contract logic upgrades, network-wide pauses, fund freezing, blacklist and whitelist management, etc., to ensure that business operations are traceable, controllable, and compliant with audit requirements.

In terms of technical solutions, issuers typically weigh between two paths: implementing compliance controls based on ERC-20 through an extension layer or directly adopting the ERC-3643 standard designed specifically for regulated assets.

Unlike the general ERC-20 standard, ERC-3643 is an Ethereum token standard specifically designed for regulated assets. It constructs a technical architecture that complies with securities regulations while retaining the efficiency advantages of blockchain through embedded identity verification and automated compliance engines, addressing the core contradictions of traditional financial assets on-chain.

ERC-3643 addresses the core needs of compliant asset tokenization through a modular architecture. This decoupled design allows for high configurability of the system. The most critical aspect is the separation of the identity registry and compliance contract, allowing for flexible adjustments to compliance rules based on jurisdictional requirements without altering the core logic of the token. When a user initiates a transfer, the token contract automatically queries the compliance contract, which cross-checks the identity declarations in the identity registry, forming an automated compliance decision chain.

The technical architecture of ERC-3643 employs a dual-layer permission control system, inheriting ERC-20 functionalities while adding two layers of key compliance layers. The first layer focuses on verifying the identity and qualifications of the transaction recipient, utilizing ERC-734/735 standards to validate the existence of identity declarations and the certification status of trusted issuers; the second layer imposes global rule constraints on the token itself, such as setting daily transfer limits and maximum holder counts. This layered design ensures continuous verification of investor qualifications while providing issuers with flexible tools for regulatory rule enforcement, meeting the multidimensional compliance needs of security tokens.

Table 4-1 Comparison of Technical Implementation Paths for ERC-20 and ERC-3643 Stablecoins

Comparison Dimension

ERC-20 Path

ERC-3643 Path

Design Goal

Focuses on achieving basic token issuance and transfer functionalities.

Specifically designed for regulatory scenarios, with the core aim of addressing compliance management and identity verification issues for regulated assets on the blockchain.

Compliance Features

Does not inherently possess identity verification and embedded compliance rule capabilities, requiring an additional compliance intermediary layer or reliance on off-chain KYC systems.

Incorporates identity verification functions and compliance decision mechanisms within the token layer, allowing for flexible configuration of compliance rules.

Permission Control

If freezing, blacklisting, and whitelisting permissions need to be set, complex development and integration of external components are required.

Possesses a dual-layer permission control system, with identity layer verification of recipient qualifications and rule layer setting global constraints, enabling on-chain real-time execution of KYC/AML and regulatory restrictions.

Interoperability

With the maturity of the Ethereum ecosystem, it has a mature toolchain, broad compatibility with wallets, exchanges, auditing tools, and convenient interoperability with DeFi components.

Its design is more compliance-focused, which may present some adaptability challenges when interoperating with certain traditional DeFi components due to compliance checks, but it has advantages in specific scenarios involving cross-chain regulated assets.

Audit Friendliness

Requires additional intermediary layers and detailed audit records to assist in auditing, making the operational process relatively cumbersome and the audit evidence acquisition process complex.

All identity verification records and compliance decisions are verifiably stored on-chain, allowing regulatory authorities to directly access relevant information, resulting in high audit friendliness.

2. Contract Framework Design

Under the regulatory framework in Hong Kong, stablecoin issuers not only need to ensure the security and stability of the tokens but must also meet strict compliance reviews, traceability, and scalability requirements. Therefore, the design of stablecoin contracts must incorporate mechanisms for permission management, compliance control, upgrade strategies, and risk prevention from the outset. To meet these needs, a "three-layer architecture" is recommended, including: Stablecoin Token Contract + Proxy Contract + Multi-Signature Wallet Contract, achieving secure, flexible, and auditable stablecoin issuance and management through modular and multi-layer control.

(1) Stablecoin Token Contract

The stablecoin token contract is the core of the entire system, responsible for minting, burning, and transferring tokens, and embedding compliance control logic. The contract can implement functions such as account freezing, blacklist and whitelist management, and network-wide pausing, ensuring that each transaction complies with the regulatory requirements of the Hong Kong Monetary Authority (HKMA). In terms of technical implementation, it can choose to be based on ERC-20 and achieve compliance control through an extension layer, or adopt the ERC-3643 standard specifically designed for regulated assets, allowing the token to support on-chain identity verification and compliance checks during on-chain circulation, achieving real-time compliance and traceability.

(2) Proxy Contract

The proxy contract is used to manage the upgrades and maintenance of the stablecoin token contract, effectively providing a secure "upgrade entry" for the core contract. Through the proxy contract, issuers can smoothly update the token contract when business logic or regulatory requirements change, without needing to change the token address or migrate user assets, thereby reducing operational risks and costs. At the same time, the upgrade process of the proxy contract can be controlled and audited, ensuring that the system is scalable in the long term and meets regulatory requirements.

(3) Multi-Signature Wallet Contract

The multi-signature wallet contract serves as an important security layer for the system, managing the authorization of funds, permissions, and key operations. For example, high-risk operations such as minting, burning, or contract upgrades must be jointly signed by multiple parties before execution, similar to how a bank vault requires multiple authorizations to open. The multi-signature mechanism can decentralize operational permissions, reduce single-point risks, and meet the HKMA's requirements for prudent governance, multi-party supervision, and operational traceability for stablecoin issuers.

4.2.3 Smart Contract Security Audit

_Regulatory Text: _"Guidelines for Licensed Stablecoin Issuers under the Stablecoin Ordinance"

Section 6.5.5: Licensees should also engage qualified third-party entities to conduct smart contract audits (such as formal verification and security assessments) at least once a year, and when deploying, redeploying, or upgrading smart contracts, to ensure that the smart contracts (i) execute correctly, (ii) align with expected functions, and (iii) have a high level of confidence that there are no vulnerabilities or security flaws.

As the regulatory framework for stablecoins in Hong Kong and globally gradually improves, stablecoin contracts need to meet both technical security and compliance requirements during the design and deployment process. Smart contract security audits aim to comprehensively assess the contract architecture, proxy mechanisms, funding logic, permission governance, and on-chain compliance design from multiple dimensions. By combining automated detection with manual review, potential security risks and design flaws can be identified, ensuring the stablecoin system operates securely, transparently, and sustainably, providing a solid technical guarantee for subsequent compliance applications and market operations.

(1) Contract Architecture and Proxy Mechanism Audit

Focus on verifying the logical integrity and upgrade safety of the proxy contract, ensuring that the data storage layout of the proxy contract is consistent with that of the stablecoin contract, avoiding asset risks caused by variable misalignment after upgrades. At the same time, assess whether the contract framework complies with design requirements, ensuring that upgrade permissions, management roles, and governance logic are transparent and controllable.

(2) Core Logic and Funding Security of Stablecoins

Audit the core logic of the stablecoin contract regarding issuance, burning, transfer, and freezing, ensuring compliance with regulatory policies and business needs, and avoiding high-risk issues such as logical vulnerabilities, permission abuse, and abnormal minting. Focus on the accuracy and consistency of fund flows and asset records, ensuring that on-chain assets match off-chain custodial assets.

(3) Permission Control and Multi-Signature Governance Mechanism

The multi-signature contract is an important foundation for compliance and security, requiring verification of the multi-signature signing process, threshold strategies, and abnormal recovery plans. Ensure that management permissions are decentralized to prevent single points of failure or individual control over assets. Conduct comprehensive testing of management logic related to key operations, such as contract upgrades, parameter adjustments, and emergency freezing.

(4) Compliance and On-Chain Monitoring Design

Evaluate the contract's support for mechanisms such as blacklists, whitelists, address freezing, and limit restrictions in accordance with regulatory requirements. Focus on verifying the on-chain event recording and audit tracking capabilities, ensuring that the contract has sufficient compliance visibility and regulatory collaboration capabilities to meet cross-chain and cross-institution risk control needs.

(5) Security Testing and Attack Defense

Conduct comprehensive testing of the stablecoin contract using formal verification, symbolic execution, and fuzz testing methods, focusing on risk points directly related to stablecoin operations, such as minting/burning authorization, upgrade and storage layout consistency, permission boundaries, on-chain/off-chain reconciliation, and emergency freezing. At the same time, in conjunction with the operating environment and proxy mechanism design, ensure that the contract has attack resistance capabilities in real business scenarios.

Before deploying the stablecoin smart contract on-chain, Beosin can provide in-depth audits of the stablecoin smart contract through its self-developed formal verification platform Beosin VaaS, in collaboration with a team of blockchain security experts. By using formal verification technology to validate contract logic and leveraging a multi-source security vulnerability database accumulated from practical experience to conduct comprehensive security testing on the stablecoin contract. For identified code vulnerabilities, contract backdoors, and other issues, repair solutions will be provided and tracked for rectification, ensuring the underlying logic of the stablecoin is secure and trustworthy.

Figure 4-4 Smart Contract Security Audit Process

4.2.4 Underlying Distributed Ledger Security Audit

_Regulatory Text: _"Guidelines for Licensed Stablecoin Issuers under the Stablecoin Ordinance"

Section 6.5.5: Regarding the distributed ledger related to the operation of specified stablecoins, licensees should assess the robustness of the relevant technology, including but not limited to security infrastructure, such as the cryptographic algorithms used; consensus mechanisms, covering factors such as decentralization, fault tolerance, and incentive mechanisms; capacity and scalability; whether there are third-party audits or assessments and their results; the ability to withstand common attacks (including 51% attacks or other attacks that may affect transaction finality); past security records; and risks related to code defects, intrusions, vulnerabilities, and other threats.

The HKMA has repeatedly emphasized that stablecoin issuers should prioritize choosing mature public blockchains with long-term stable operation experience and high decentralization, such as Ethereum. These public chains rely on a large network of validating nodes, transparent governance mechanisms, and long-term operational experience, providing advantages in attack resistance, transaction finality, and overall security, while their high attack costs can effectively reduce systemic risks.

For cases where non-mainstream chains (such as emerging public chains, consortium chains, or proprietary chains) are chosen due to business needs, more detailed security audits and assessments of the chain platform should be conducted to ensure that overall security and robustness are not lower than those of mature public chains. Audits can focus on the following dimensions:

• l Network Architecture and Consensus Mechanism: Assess the number of nodes, geographical distribution, and the attack resistance and fault tolerance of the consensus algorithm to ensure stable network operation.
• l Economic Model and Incentive Mechanism: Analyze the economic design of network tokens and assess whether it can effectively incentivize validators and prevent Sybil attacks or economic manipulation.
• l Centralization Risks of Nodes and Operators: Investigate the degree of decentralization of on-chain nodes and the design of operator permissions to reduce systemic risks brought by centralization.
• l Code and Protocol Security: Conduct security analysis of the core code, consensus protocol, virtual machine, and P2P modules of the chain to identify potential vulnerabilities or backdoors.
• l Network Monitoring and Emergency Response: Assess the chain platform's logging, monitoring capabilities, and emergency plans for fork or attack events.
• l Governance Mechanism and Upgrade Strategy: Review the chain governance rules and protocol upgrade processes to ensure they are transparent, controllable, and capable of risk resistance.
• l Compatibility and Scalability: Assess the compatibility of non-mainstream chains with external systems (such as wallets, cross-chain bridges, or oracles) and the risks of ecological integration.

Through customized security testing, a comprehensive assessment of the blockchain platform's architecture, consensus mechanism, node communication protocols, etc., can be conducted, along with simulated attack testing to identify potential risk points. The audit results can form targeted reinforcement plans to enhance the security, robustness, and auditability of the underlying environment, providing technical support for stablecoin issuance and circulation.

Figure 4-5 Blockchain Platform Security Testing Process

4.3 Anti-Money Laundering Risk Assessment and Monitoring for Stablecoins

In response to the risks during the circulation and transaction phase of stablecoins, Beosin has launched the Stablecoin Monitor, KYT, and KYA product solutions, which can achieve 24/7 continuous dynamic monitoring. This allows for timely capture of transaction anomalies and funding risks, ensuring the safe and compliant circulation of stablecoins.

Table 4-2 Overview of Anti-Money Laundering Technical Solutions Based on Hong Kong Regulatory Requirements

Regulatory Requirements | Solutions --- | --- Continuous monitoring of circulating stablecoins to fulfill anti-money laundering and counter-terrorist financing responsibilities; sufficient ongoing monitoring of peer-to-peer transfers between non-customer non-custodial wallets is also required. | Beosin Stablecoin Monitor (Stablecoin Circulation Risk Monitoring) Implement a transaction monitoring system during issuance and redemption to identify suspicious transactions, screening stablecoin transactions and wallet addresses, using blockchain analysis tools to trace transaction records and identify transactions related to illegal/suspicious activities. | Beosin KYT (Stablecoin Transaction Risk Identification) Properly manage the wallet risks for customers receiving/redeeming stablecoins; due diligence on stablecoin transfer counterparties must assess the type of transfer object. | Beosin KYA (Wallet Risk Screening) Regularly and upon triggering risk events, review counterparty due diligence information and update risk assessments. | Beosin Rescreen (Continuous Monitoring and Periodic Scanning) Use blockchain analysis tools to trace transactions, identify transactions related to illegal/suspicious activities, and immediately investigate upon awareness; report to the financial intelligence unit and follow up if there are suspicions. | Beosin TransTracer (Post-Investigation and Risk Tracking)

4.3.1 Risk Monitoring in Stablecoin Circulation

_Regulatory Text: _"Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 5.9: Continuous monitoring of circulating stablecoins is crucial for licensees to fulfill their responsibilities in combating money laundering and terrorist financing.

Section 6.42: Licensees are not required to comply with the provisions of Sections 6.40 to 6.41 regarding peer-to-peer stablecoin transfers between non-customer stablecoin holders' non-custodial wallets. However, licensees should adhere to the guidelines in Sections 5.9 to 5.12 to conduct sufficient ongoing monitoring of circulating stablecoins.

Beosin Stablecoin Monitor continuously monitors the operational status and transaction risks of stablecoin projects, providing in-depth insights into the distribution of stablecoin holders, the flow of stablecoins, and real-time monitoring of stablecoin transactions. By utilizing deep learning algorithms to capture abnormal transaction behaviors and issue alerts, it links with the internal risk control systems of institutions to block the flow of risky funds, assisting issuers and regulatory authorities in closely monitoring stablecoin operational risks. The stablecoin monitoring system can achieve the following functions:

• l Stablecoin issuers can monitor the operational status of contracts in real-time, gaining a comprehensive understanding of the current security status of the stablecoin.
• l Assist stablecoin issuers in screening the risks associated with the sources and destinations of funds, preventing high-risk activities on-chain/off-chain.
• l Help stablecoin issuers monitor the execution of high-level regulatory actions within the contract in real-time, such as issuance, burning, and freezing.
• l Monitor the price anchoring of stablecoins, detecting abnormal price fluctuations in real-time and providing immediate alerts for de-pegging.
• l Possess the ability to identify custodial/non-custodial wallet addresses, enabling issuers to adopt different response strategies for potential risk addresses, especially for peer-to-peer transactions involving non-custodial wallets.

Figure 4-6 Beosin Stablecoin Monitoring - USDT Fund Distribution Monitoring

Figure 4-7 Beosin Stablecoin Monitoring - USDT On-Chain Transaction Risk Alerts

4.3.2 Risk Identification of Stablecoin Transactions and Addresses

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 4.35: Licensees should properly manage any money laundering and terrorist financing risks associated with the wallets used by customers to receive stablecoins issued by the licensee or to return stablecoins upon redemption.

Section 5.4: Licensees should also implement an effective risk-based transaction monitoring system and procedures during issuance and redemption to identify and report suspicious transactions. In addition, licensees should establish and maintain adequate and effective systems and controls to screen stablecoin transactions (i.e., transfers of stablecoins with customers) and related wallet addresses. Licensees should adopt appropriate technological solutions (e.g., blockchain analysis tools) to:

(a) Track the transaction records of stablecoins to more accurately identify the sources and destinations of the stablecoins; and

(b) Identify transactions involving wallet addresses that are directly and/or indirectly related to illegal or suspicious activities/sources or designated persons.

Section 6.32: Due diligence on counterparties for stablecoin transfers generally involves the following procedures:

(a) Determining whether the stablecoin transfer will be conducted with the counterparty or a non-custodial wallet;

In traditional finance, the paths of fund transfers across institutions are often broken and difficult to trace, concealing risks that are hard to detect in a timely manner. However, the traceable nature of blockchain makes the upstream and downstream links of each transaction clear and verifiable. In the technical assessment of stablecoin risks, two main technologies are included: KYT and KYA. The KYT technology assesses whether a transaction's source and destination funds are associated with risky entities. The KYA technology conducts a comprehensive risk assessment of the historical full transaction of a given blockchain address.

Beosin KYT builds a closed-loop prevention and control system around the scenarios of fund inflow and outflow, relying on on-chain fund visualization tracking technology to trace the flow of funds. Combined with risk identification models, it can achieve penetrating risk identification, accurately identifying money laundering, terrorist financing, and other risk nodes hidden in the transaction path.

Beosin KYT provides an easy-to-use interface and professional API integration solutions, allowing for a comprehensive assessment of address and transaction risks related to stablecoin operations. Beosin KYT supports 57 public chains, accumulating over 4.7 billion global address labels, monitoring over 200 money laundering entities in Southeast Asia, and accumulating over 20 million Southeast Asia labels, covering well-known money laundering platforms such as Huobi, Potato, and New Coin, supporting the identification of over 120 cross-chain and exchange protocols, achieving the identification of real funding risks across multiple chain platforms.

Figure 4-8 Beosin Risk Assessment Platform - KYT Transaction Risk Assessment

Beosin KYA supports comprehensive risk screening of blockchain addresses across all asset types, capable of identifying risks associated with all assets, including stablecoin assets. It mainly achieves the following capabilities:

• Conduct a comprehensive risk assessment of bidirectional fund flows, reflecting the overall risk situation of the wallet.
• Perform comprehensive analysis for single or multiple asset types, considering cross-chain money laundering and continuous tracking business scenarios.
• Assist stablecoin issuers in conducting feature analysis of transaction behaviors related to addresses, monitoring abnormal behaviors through rule models and machine learning technologies.

Figure 4-9 Beosin Risk Assessment Platform - KYA Address Risk Assessment

4.3.3 Continuous Monitoring and Periodic Scanning

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 6.36: (b) Regularly and/or upon the occurrence of triggering events (e.g., when the licensee is continuously monitoring stablecoin transfers with counterparties, or from other information (e.g., negative news reports from credible media, or public information indicating that the counterparty has been involved in any targeted financial sanctions, money laundering, or terrorist financing investigations or regulatory actions), review the information obtained from due diligence measures taken regarding stablecoin transfer counterparties as per Section 6.33, and (if applicable) update the risk assessment of the stablecoin transfer counterparties.

Through Beosin Realtime Monitoring's automated address risk status monitoring mechanism, users can add target addresses that need monitoring to a watchlist, achieving 24/7 real-time address score updates. When abnormal transaction behaviors (such as high-frequency small transfers within a short period, or interactions with high-risk addresses) are detected, the system will immediately trigger alerts and reassess the risk level, ensuring that the risk status always reflects the latest security situation.

Beosin Rescreen assists users in scanning target addresses across different dimensions on a regular or scheduled basis. The monitoring system will update the risk scores of target addresses based on multi-dimensional data such as on-chain transaction frequency, fund flow, and associated address risk levels, using machine learning algorithms.

Figure 4-10 Beosin Risk Assessment Platform - Periodic Address Risk Assessment

4.3.4 Post-Investigation and Risk Tracking

Regulatory Text: "Guidelines for Combating Money Laundering and Terrorist Financing" applicable to licensed stablecoin issuers

Section 5.4: Licensees should adopt appropriate technological solutions (e.g., blockchain analysis tools) to:

(a) Track the transaction records of stablecoins to more accurately identify the sources and destinations of the stablecoins; and (b) Identify transactions involving wallet addresses that are directly and/or indirectly related to illegal or suspicious activities/sources or designated persons.

Section 5.12: If a licensee becomes aware of any stablecoin transaction or related wallet address that is directly and/or indirectly related to illegal or suspicious activities/funding sources or designated persons, they should immediately conduct further investigation and analysis. If there are any grounds for suspicion, the licensee should report the suspicious transaction to the financial intelligence unit and take appropriate follow-up actions as described in Chapter 8 of these guidelines.

Beosin TransTracer provides intuitive and straightforward topological analysis views, facilitating stablecoin issuers in conducting in-depth investigations of fund flows related to addresses or transactions. Beosin TransTracer utilizes a multi-dimensional address label database and deep neural network analysis model to track fund flows involved in malicious activities such as money laundering and fraud, penetrating exchange protocols, cross-chain bridges, and other technical barriers to restore the flow paths of risky funds, providing issuers and regulatory authorities with a complete chain of evidence. Its main functions include:

• Risk classification of the source and destination of funds for addresses, automatically tracking transaction links, and quickly identifying and displaying fund paths.
• Supporting automatic penetration of exchanges and cross-chain protocols to reach the final real destination address.
• Supporting multi-currency analysis of multi-chain addresses, allowing for unlimited levels of fund path expansion.
• Supporting accurate route filtering and highlighting based on dimensions such as asset/type, transaction occurrence time, and transaction amount.
• Quickly generating fund flow diagrams/reports to save time for enhanced due diligence/case investigations.

Figure 4-11 Beosin TransTracer - Risk Fund Path Analysis

4.4 Intelligent Analysis of Money Laundering and Other Crimes Involving Digital Assets

With the rapid development of digital assets, their anonymity, global circulation, and low-cost characteristics have been widely exploited by criminals, becoming a primary funding tool for various illegal activities. In cases of telecom fraud, online gambling, drug-related transactions, and online pyramid schemes, criminal gangs transfer funds through digital assets to achieve rapid laundering and conceal the sources of funds.

When tracking the funds in these cases, law enforcement agencies often face the following challenges:

• Technical Entry Barriers: Case analysis involves knowledge of blockchain and transaction patterns, making it costly for investigators to get started.
• Address Anonymity: The roles of on-chain addresses are unclear, making it difficult to easily determine account ownership and identify where to obtain evidence.
• Complex Case Chains: Numerous addresses are involved in the case, and operations through exchanges and cross-chain transactions increase analysis difficulty. Traditional manual methods are time-consuming and inefficient, making it hard to form a complete chain of evidence.
• Concealed Fund Flows: Funds processed through mixing services (e.g., Tornado Cash) further complicate tracking, making manual analysis nearly impossible to penetrate.
• Insufficient Utilization of Open Source Intelligence Clues: Some funds circulate through guarantee platforms, involving multiple money laundering links and teams, making it difficult to uncover the full picture relying solely on on-chain transactions.

In this context, law enforcement agencies need the ability to quickly sort out fund flows, penetrate complex transaction links, and fully utilize open-source intelligence to address the aforementioned challenges.

To equip law enforcement agencies with the necessary capabilities in digital asset cases, Beosin Trace combines full-chain data analysis capabilities with AI intelligent algorithms, forming an efficient and precise intelligent analysis capability for digital asset crimes. Its main functions include:

• Intelligent Learning: Relying on large models and a digital asset crime knowledge base, it provides analytical guidance and intelligent Q&A functions to help law enforcement personnel quickly master digital asset case analysis skills and shorten the learning cycle.
• Address Label Database: Based on different entities and crime types, it labels on-chain addresses, providing over 4.7 billion label data covering dozens of types of addresses, including mainstream exchanges, wallets, mixing platforms, guarantee platforms, fraud and gambling platforms, mining pools, and blockchain games, helping law enforcement personnel quickly identify address roles and significantly improve case analysis and judgment efficiency.
• Automatic Judgment of Involved Funds: In the early stages of case investigation, it is necessary to quickly assess the flow of funds, but manual analysis is not only time-consuming but also prone to missing key information. Beosin Trace can automatically identify the transfer paths of funds, draw clear fund flow diagrams, label key addresses, and generate periodic analysis reports to help law enforcement personnel quickly grasp the core of the case.
• Exchange and Cross-Chain Fund Penetration: When funds are transferred through exchange or cross-chain protocols, Beosin Trace can automatically identify the flow paths of exchanges and cross-chain operations, penetrating to the final real receiving address, ensuring that the fund flow is fully visible.
• Intelligent Discovery of Hidden Clues: When deeply analyzing the funding network of a case, Beosin Trace will comprehensively scan on-chain addresses, automatically identify abnormal transaction behaviors and suspicious addresses, and discover hidden clues that are easily overlooked in manual analysis, making the investigation more comprehensive.
• Tornado Cash Fund Analysis: Beosin Trace utilizes intelligent algorithms to penetrate the Tornado Cash mixing process, restoring the true flow of funds before and after mixing, helping law enforcement personnel efficiently track funds.
• Intelligent Address Profiling: For on-chain addresses of particular concern, Beosin Trace will use AI modeling to analyze address behavior patterns, abnormal fund flows, and associated trading counterparts, quickly generating clear and understandable address profile reports to help law enforcement personnel accurately identify suspect chains.
• Integration and Utilization of Open Source Intelligence: Automatically collect and integrate on-chain data and available open-source intelligence to assist law enforcement personnel in discovering and verifying potential related information, improving the comprehensiveness and accuracy of case analysis.

Figure 4-12 Beosin Trace - Intelligent Judgment Platform

4.5 Chapter Summary

Beosin has built a comprehensive regulatory technology solution covering the entire lifecycle of stablecoins, centered on "source prevention, dynamic monitoring, and precise governance." In terms of stablecoin whitelisting and contract security, it requires licensees to identify the entire operational cycle of tokens, verify the identity of holders, and provide a three-layer contract framework of "stablecoin token contract + agency contract + multi-signature wallet contract," achieving "source prevention" through annual and key node audits of smart contracts and underlying distributed ledgers. In terms of anti-money laundering risk assessment and monitoring, Beosin has launched products such as Stablecoin Monitor (24/7 monitoring of stablecoin operations and transaction risks), KYT (tracking fund flows and identifying risk nodes), KYA (risk screening for all types of wallets), Rescreen (continuous monitoring and periodic scanning), and TransTracer (post-investigation and risk tracking) to achieve "dynamic monitoring." At the same time, in response to the complex trends of digital asset money laundering crimes, Beosin Trace engine builds a full-process intelligent judgment capability to assist law enforcement personnel in efficiently conducting case investigations, achieving "precise governance."

Chapter 5 Recommendations for the Development of the Anti-Money Laundering Ecosystem

5.1 Industry Self-Regulation and Collaborative Governance Mechanisms

Building an industry self-regulatory system to strengthen anti-money laundering capabilities has become an important consensus in the global digital asset field. Against this backdrop, the Hong Kong Virtual Asset Industry Association (HKVAIA) officially established the Digital Asset Anti-Money Laundering Committee (DAAMC) on August 19, 2025, marking a key step in Hong Kong's efforts to build a compliant ecosystem for digital assets. As an industry-led non-profit organization, DAAMC focuses its mission on three core areas: first, promoting the construction of a compliant issuance framework for stablecoins in Hong Kong; second, strengthening the financial integrity defense line of the digital asset ecosystem; and third, facilitating deep collaboration among licensed financial institutions. DAAMC will achieve an organic balance between regulatory requirements and business practices through the establishment of an industry consensus mechanism.

In terms of compliance practices, DAAMC will benchmark against the "Anti-Money Laundering and Counter-Terrorist Financing Guidelines (Applicable to Licensed Stablecoin Issuers)" and the regulatory guidelines for licensed stablecoin issuers issued by the Hong Kong Monetary Authority (HKMA), while closely tracking the development trends of emerging compliance standards such as global on-chain identity verification, ensuring that regulated stablecoins in Hong Kong achieve a dynamic balance between controllable risks and sustainable business development, accelerating the mainstream application process of stablecoins.

HashKey Group, Pionex Innovation Technology Co., Ltd., Beosin, and Slow Mist Technology, as founding members of DAAMC, aim to explore innovative solutions for compliant stablecoins through offline seminars, closed-door exchanges, and other means, driving high-quality collaborative development in the digital asset industry.

Figure 5-1 DAAMC Joint Statement

5.2 Promoting Collaborative Mechanisms Across Government and Inter-Departmental Coordination

The government should promote the establishment of a comprehensive governance collaboration system at the government level, integrating the resources and professional capabilities of various functional departments such as prevention, law enforcement, regulation, and financial victim protection. By establishing an efficient coordination mechanism, effectively breaking down departmental barriers, a full-cycle governance closed loop of "prevention-investigation-disposal-protection" can be formed, achieving synchronous resonance in policy formulation and execution, significantly enhancing the multi-dimensional prevention and control capabilities against digital asset crimes. This collaborative governance model not only aligns with international anti-money laundering standards but also adapts to the evolving criminal patterns in the digital economy era, providing institutional guarantees for building financial security barriers.

5.2.1 Establishing Inter-Departmental Coordination Agencies

Establish a regular joint meeting system among departments such as finance, financial regulation, public security, and cybersecurity. Referencing FATF international standards, develop a unified digital asset risk assessment framework to ensure consistency in regulatory policies.

5.2.2 Building a Collaborative Capability System

Joint training programs should focus on specialized skills training in blockchain forensics, digital asset tracking, etc. Conduct scenario-based practical drills simulating typical criminal patterns such as cross-border fund transfers and mixing services to enhance inter-departmental collaborative combat capabilities.

5.2.3 Optimizing Fund Disposal Processes

Establish a comprehensive disposal system covering "monitoring-freezing-recovery-returning," introducing blockchain traceability technology to enhance fund penetration capabilities. Develop standardized operational guidelines to clarify the responsibilities and time requirements of financial institutions and law enforcement agencies.

5.2.4 Creating a Data Sharing Hub

Build a cross-departmental data sharing platform to achieve interconnectivity of financial transaction data, communication records, and intelligence information under a compliance framework. Utilize privacy computing technology to conduct joint analysis while ensuring data security.

5.3 Strengthening User Security Awareness and Training System Construction

Users need to enhance their awareness of preventing digital asset crimes to avoid involvement in illegal fund transfers and other violations. In the process of digital asset inflow and outflow, users should pay attention to fund risk screening and can use professional and user-friendly digital asset risk screening tools (such as Beosin KYA Lite) to quickly complete fund risk identification, effectively avoiding risks such as account freezing and fund loss due to receiving contaminated funds.

In addition, building and continuously improving a multi-dimensional and multi-level user security education system is a fundamental key measure to prevent crime risks in the digital asset field. This system should coordinate the efforts of government regulation, market entities, and the general public to form a "trinity" collaborative governance mechanism, consolidating the financial security defense line.

5.3.1 Building a Risk Awareness Enhancement Framework

To help users more clearly identify risks, a cognitive enhancement system should be built relying on multiple forces. From the government side, regulatory and law enforcement departments can enhance capabilities in blockchain forensics and digital asset tracking through specialized training; at the enterprise level, digital asset service providers should establish employee compliance training systems; at the social level, the government and enterprises can actively promote activities such as "Digital Financial Security into Communities" to expand the coverage of financial security awareness education.

5.3.2 Innovating Public Education Implementation Paths

In terms of public education formats, consider developing immersive educational scenarios, flexibly using short videos, VR, and role-playing games to simulate criminal scenarios involving digital assets (such as online fraud, online gambling, and money laundering), increasing public awareness of related crime risks; among the target audience, digital asset investors and cross-border traders are vulnerable groups and should receive more refined risk prevention education; stablecoin issuers and regulatory agencies should consider regularly issuing risk alerts and analyses of typical criminal methods to the public, strengthening the warning effect through real cases.

5.3.3 Popularizing the Use of Digital Asset Risk Screening Tools

Digital asset risk screening tools can help ordinary users score risks for on-chain addresses and transactions, identify risk entities and risk fund flows, reducing the probability of users interacting with high-risk addresses, thereby avoiding issues such as fund freezing and involvement in money laundering activities from the source. Considering the asset security needs of individual users, Beosin will soon launch a digital asset risk screening tool suitable for ordinary users, Beosin KYA Lite, providing convenient and accurate risk screening for their wallet address's daily interactions.

References

• "Regulatory Guidelines for Licensed Stablecoin Issuers under the Stablecoin Ordinance," Hong Kong Monetary Authority (HKMA), August 2025.
• "Guidelines for Combating Money Laundering and Terrorist Financing (Applicable to Licensed Stablecoin Issuers)," Hong Kong Monetary Authority (HKMA), August 2025.
• "Summary of the Licensing System for Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 2025.
• "Summary of Transitional Provisions for Existing Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 2025.
• "Consultation Document on Legislative Proposals for Implementing a Regulatory System for Stablecoin Issuers in Hong Kong," Hong Kong Monetary Authority (HKMA) and the Financial Services and the Treasury Bureau, December 27, 2023.
• "Press Release: Implementation of the Regulatory System for Stablecoin Issuers," Hong Kong Monetary Authority (HKMA), July 29, 2025.
• "Press Release: HKMA Announces Participants in the Stablecoin Issuer 'Sandbox'," Hong Kong Monetary Authority (HKMA), July 18, 2024.
• "Press Release: Legislative Council Passes the Stablecoin Ordinance," Hong Kong Monetary Authority (HKMA), May 21, 2025.
• "Insight: Stablecoin Regulation: A New Era for Digital Assets in Hong Kong," Hong Kong Monetary Authority (HKMA), June 23, 2025.
• "2024 Hong Kong Cryptocurrency Regulation," ComplyCube.
• "Stablecoins: Hong Kong Proposes Licensing and Regulatory System for Issuers," King & Wood Mallesons.
• "Proposed Stablecoin Regulatory System in Hong Kong: Key Points," King & Wood Mallesons.
• "Hong Kong Stablecoin Regulatory Policy: Industry Commentary," Eastmoney.com.
• "New Regulations on Stablecoins in Hong Kong: Legal Analysis," Yingke Law Firm.
• "The Era of Stablecoins in Hong Kong Officially Begins - Part One: The Passage of the Stablecoin Ordinance Draft Opens a New Chapter," JunHe Law Firm, May 30, 2025.
• "Securities and Futures Ordinance" (Hong Kong Legislation Chapter 571).
• "Anti-Money Laundering and Terrorist Financing Ordinance" (Hong Kong Legislation Chapter 615).
• "Stablecoin Ordinance" (Hong Kong Legislation Chapter 656).
• 2025 Update on U.S. Stablecoin Legislation, Womble Bond Dickinson.
• U.S. "GENIUS Act" Officially Becomes Law: A Regulatory Framework for Compliant Stablecoins, King & Wood Mallesons, July 23, 2025.
• Analysis of Differences Between the GENIUS Act and Hong Kong Stablecoin Ordinance in Custodial Requirements and Cross-Border Impacts, Tianyuan Law Firm, June 4, 2025.
• What Are the Specific Roles of OCC, the Federal Reserve, and SCRC in the GENIUS Act?, Tianyuan Law Firm, June 4, 2025.
• New Stablecoin Legislation: Analyzing the "GENIUS Act," Arnold & Porter, July 2025.
• Comparison of Stablecoin Capital Requirements in the U.S. and Hong Kong, Hong Kong Legislative Council, February 11, 2025.
• Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia, UNODC, April 2025.
• Decrypting Crypto: How to Estimate International Stablecoin Flows, International Monetary Fund, July 2025.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。