Treasury Releases 2026 Report on Technologies Countering Illicit Finance Involving Digital Assets

Key Takeaways

• The U.S. Department of the Treasury’s recent report on countering illicit finance involving digital assets urges a technology-neutral, risk-based AML/CFT approach for digital assets, highlighting rapid innovation (AI, digital identity, APIs, and blockchain analytics) alongside rising misuse by sanctioned actors and criminal groups.
• While imposing no new requirements, Treasury signals that institutions should modernize controls now—integrating advanced monitoring and identity solutions—rather than wait for perfect clarity, as standards and expectations are accelerating.
• The report calls for congressional action to clarify obligations for digital asset service providers and highly decentralized DeFi protocols, including potential new statutory tools and standardized frameworks to address current legal and regulatory gaps.
• Treasury highlights the need for guidance or legislative fixes for certain longstanding Bank Secrecy Act (BSA) challenges, including the use of digital credentials for purposes of the customer identification program rule, broadening the special-measures provisions and information-sharing provisions in sections 311 and 314(b) of the USA PATRIOT Act, integrating AI into AML/CFT processes, and reallocating resources to focus on the highest-risk priorities.   

Background

On March 6, 2026, the U.S. Department of the Treasury released its congressionally mandated Report on Innovative Technologies to Counter Illicit Finance Involving Digital Assets (the Report). Required under the GENIUS Act, the Report reflects months of research; industry engagement; public feedback; and consultation with federal banking and security agencies, financial technology companies, and law enforcement.

The Report addresses a central issue for the digital assets industry in 2026—namely, how the U.S. anti-money laundering/countering the financing of terrorism (AML/CFT) regulations can keep pace with both financial innovation, especially in digital assets, and the evolving nature of illicit finance threats facing the U.S. financial system. Through the GENIUS Act, Congress tasked Treasury with reviewing existing and emerging tools (such as AI, application programming interfaces (APIs), digital identity, and blockchain analytics), assessing current regulatory and enforcement challenges, and making recommendations for both the industry and future legislation. 

Overview of Report

Risk Assessment and Regulatory Framework and Priorities

Treasury begins the Report by providing a risk assessment of the digital assets space, warning that illicit actors are taking advantage of the rapid growth in the digital asset industry. Fraudsters, ransomware groups, transnational criminal organizations, and sanctioned states—including North Korea, Russia, and Iran—are increasingly turning to digital assets to transfer and conceal funds. Treasury identifies several systemic vulnerabilities in the ecosystem, including jurisdictional arbitrage, where digital asset service providers operate from less regulated jurisdictions that do not adhere to the global AML/CFT standards established by the Financial Action Task Force; failures to comply with U.S. AML/CFT obligations under the BSA and sanctions laws; and the misuse of convenient and accessible digital asset kiosks by scammers directing victims to those that lack robust AML/CFT controls.

Treasury further addresses vulnerabilities created by obfuscation mechanisms, such as mixing; bridging, where certain assets are exchanged for others on a different blockchain through entities known as bridges; and swapping, where one asset is directly exchanged for another. Mixers, tumblers, and cross‑chain bridges are often used alongside stablecoins in the laundering process when moving digital assets between blockchains and/or in the last phase of the transaction to convert to fiat currency. Treasury observes that these tools can materially complicate tracing and enforcement, while also acknowledging that some users rely on them for legitimate reasons, such as financial privacy.

Despite the unique challenges posed by illicit actors using digital assets, Treasury reaffirmed the United States’ commitment to a technology-neutral and risk-based approach to regulation to empower financial institutions to focus their resources on effectively addressing their unique risks and using technologies to do so, while dedicating their most substantial resources to high-risk areas and deprioritizing lower risks. Treasury noted that digital asset service providers (DASPs) generally fall within the scope of existing anti-money laundering laws based on the activities they perform wholly or substantially in the United States. However, Treasury also recognized that the current legal framework does not fully address all the nuances of decentralized protocols and recommended that Congress consider new legislation that would clarify where DASPs would fall within this framework (and where they would not), as well as develop new categories that address the complexities and novelties of the industry.

Artificial Intelligence

The Report discusses the rapid expansion of AI-based AML tools for monitoring, detection, and reporting—especially those that can analyze blockchain activity, identify typologies (such as mixing/tumbling services), and flag outlier behavior. Treasury acknowledged that AI improves transaction pattern recognition and reduces false positives, though it also noted that obstacles remain, including a lack of standardized data, limited regulator expertise, and risks associated with the “explainability” of AI decisions. Although DASPs and other financial institutions have piloted and adopted these tools, industry uptake is uneven, and quality varies widely, sometimes driven by prohibitive costs associated with integrating these tools for smaller entities. Treasury specifically recommends that it issue guidance, statements of support, or FAQs, as appropriate, to further encourage financial institutions to leverage AI as a part of risk-based AML/CFT policies and procedures. 

Digital Identity

The Report covers innovative approaches for identity verification, including digital identity wallets, remote onboarding, biometric verification, and adapting tools to counter deepfakes and synthetic identity fraud. Public/private digital identity pilots have been successful, but friction remains, including a lack of common standards, persistent reliance on legacy identity documents, and limited legal frameworks for cross-industry or cross-border digital identity verification. Treasury explores options for government involvement, including developing or certifying digital credentials that can be used consistently across regulated entities, and specifically recommends that it issue guidance on how financial institutions can use digital credentials consistent with their existing customer identification program obligations. Treasury also recommends that it work with Congress on legislation to incentivize the development and integration of digital identity tools and better enable third-party service providers to conduct identity verification and issue identity credentials that can be accepted by financial institutions.

Blockchain Monitoring and Analytics

The Report explores the growing reliance on blockchain analytics to counter illicit finance with digital assets. These tools can deanonymize wallets, trace flows, and link on-chain to off-chain identities as critical to both private-sector compliance programs and law enforcement investigations. Treasury focuses on technical and legal limitations, such as how mixers, privacy coins, and cross-chain bridges make tracing difficult. The Report also notes that different providers offer varying depth and accuracy in analytics. The Report calls for more robust standards and best practices for these tools and for regulatory clarity on acceptable and prohibited uses of enhanced privacy technologies, especially within decentralized finance (DeFi). Treasury specifically recommends that it promote blockchain-related illicit finance insights and indicators between and among financial institutions and blockchain analytics firms, as well as work with Congress on legislative amendments to update the frameworks for voluntary information sharing among financial institutions (section 314(b) of the USA PATRIOT Act), including the permissibility of sharing in relation to fraud detection and prevention. 

Application Programming Interfaces

The Report describes APIs as critical infrastructure for modern AML/CFT compliance—enabling the integration of blockchain analytics, digital identity solutions, and sanctions screening platforms for improved monitoring and response. Treasury emphasizes the need for standards to support interoperability and privacy, highlighting model frameworks (such as the National Institute of Standards and Technology’s efforts and Treasury’s own programs) while encouraging expanded industry adoption. The Report further notes that pre-transaction risk assessment through API integration is invaluable but requires further guidance to ensure consistency and effectiveness across institutions and platforms. Treasury specifically recommends that it encourage industry stakeholders to develop open-source and standardized APIs for essential compliance functions—reducing obstacles for smaller community banks and nonbank financial institutions to adopt, as well as encouraging the development of APIs with robust encryption protocols and strict access controls to safeguard sensitive financial and personal data. 

Decentralized Finance

The Report recognizes that the current AML legal framework fails to fully account for DeFi protocols that are highly decentralized. Treasury recommends that Congress pass new legislation to clarify which DeFi actors should have responsibilities under the BSA, as well as the scope of those responsibilities in light of how these technologies function. Treasury specifically recommends a new Section 311 “special measure” that would include broader coverage of the digital asset industry and allow Treasury to prohibit or impose conditions upon fund transmissions that are not tied to a correspondent banking relationship.

Final Thoughts

The Report stakes out an active and pragmatic role for U.S. leadership in AML/CFT—urging innovation while making clear that regulation, supervision, and statutory definitions must also evolve. Treasury recognizes that modern tools—AI, digital identity, APIs, and blockchain analytics—have enormous potential to strengthen illicit finance controls, but only if integrated through coherent, risk-based programs supported by standardized protocols and regulatory and legislative clarity.

The Report acknowledges that gaps exist in current law, and it repeatedly calls on Congress to take action to provide the digital assets industry with necessary clarity. Treasury also repeatedly recognizes the importance of ongoing collaboration and cooperation between industry participants and regulators to better understand these evolving technologies and how best to use them to combat illicit finance. 

Treasury also recognizes the need for guidance or legislative fixes for certain longstanding BSA challenges, including the use of digital credentials for purposes of the customer identification program rule, broadening the special measure provisions and information sharing provisions set forth in Sections 311 and 314(b) of the USA PATRIOT Act, integrating AI into monitoring and other processes, and reallocating resources to highest-risk priorities.   

While the Report provides a roadmap and framework for how the existing legal framework can incorporate and address evolving technologies, it does not impose any new mandatory requirements on the industry. While the Report’s tone is pragmatic and measured, the underlying message is clear that institutions that do not invest in modernizing their controls, or who wait for perfect legal clarity before doing so, will be left behind by both regulatory expectation and emerging risk. The Report also underscores the urgency for congressional action to provide greater clarity to the digital assets industry.