New Global Encryption Regulatory Landscape: Interpretation of FATF Report and Outlook for 2026

In June 2025, the Financial Action Task Force (FATF) released its sixth update report on the regulation of encryption assets. The report's results are striking: only 1 jurisdiction worldwide has reached the "fully compliant" standard for virtual asset regulation, while 20% of countries remain in a "non-compliant" status. At the same time, North Korean hackers have stolen a record $1.46 billion in encryption assets, stablecoins have become the new favorite for money laundering activities, and the regulation of decentralized finance (DeFi) still faces numerous challenges.

This report reveals the latest dynamics of global encryption regulation, providing important references for industry development. This article will deeply interpret the six key findings of the FATF's latest report and discuss important changes that may occur in encryption regulation by 2026.

Introduction to FATF: Global Standard Setter for Anti-Money Laundering

The FATF was established in 1989 and is the authoritative standard-setting body in the field of global anti-money laundering and counter-terrorist financing. This intergovernmental organization, composed of 39 member countries and regional organizations, has its anti-money laundering recommendations regarded as an important global guideline for AML/CFT.

For the encryption industry, the most critical document from the FATF is Recommendation 15 (R.15), which first incorporated virtual assets and virtual asset service providers (VASP) into the anti-money laundering regulatory framework in 2019. According to this recommendation, VASP is required to fulfill compliance obligations such as customer due diligence, transaction monitoring, and suspicious transaction reporting, similar to the requirements for traditional financial institutions.

The FATF transforms its recommendations into rules that countries must comply with through peer reviews and the "grey list" system. Being placed on the FATF grey list can lead to serious consequences such as disruptions in international remittances, foreign capital withdrawal, and downgrading of credit ratings, which is why countries strive to avoid it.

For encryption practitioners, understanding the FATF standards is to understand the basic framework of global regulation. This helps to anticipate regulatory trends, proactively lay out compliance systems, and better conduct business globally.

Six Key Findings of the 2025 FATF Report

1. Global compliance progress is slow but steady.

As of April 2025, among the 138 jurisdictions that have accepted assessment:

• Only 1 jurisdiction (Bahamas) is fully compliant
• 29% basic compliance, slightly improved compared to 25% in 2024
• 49% Partially Compliant
• 21% non-compliance, a decrease from 25% in 2024

2. Risk response remains a major challenge

76% of the surveyed jurisdictions reported that they have conducted risk assessments on virtual assets and VASPs, up from 71% in 2024. However, many jurisdictions still face difficulties in implementing preventive measures. Only 40 jurisdictions met the requirements under the standard of "assessing risks and taking a risk-based approach."

3. The divergence of regulatory paths intensifies

• 62% of jurisdictions choose to allow virtual assets and VASP operations
• 20% chose to completely prohibit encryption activities, a significant increase compared to 14% in 2024.
• 18% still undecided on regulatory direction

It is noteworthy that partial bans (rather than complete bans) are becoming a new trend: 48% of jurisdictions that impose bans choose to partially prohibit specific virtual asset/VASP activities instead of imposing a total ban.

4. Breakthrough progress has been made in the implementation of the Travel Rule.

73% of jurisdictions (85) have enacted legislation to implement the Travel Rule, with the absolute number increasing from 65 in 2024 to 85, demonstrating substantial progress.

The Travel Rule requires VASPs to obtain, retain, and transmit specific information about the remitter and the recipient when transferring virtual assets, essentially extending the KYC requirements of traditional finance into the encryption space.

5. Stablecoins become the new favorite for money laundering

The report points out that stablecoins are becoming the preferred tool for illegal actors.

• Most on-chain illegal activities now involve stablecoins.
• Criminals use stablecoins in conjunction with anonymity-enhancing tools to layer funds.
• Certain stablecoins are particularly favored by malicious actors for use on specific networks.

6. North Korean hackers set a new record

In 2025, North Korean hackers stole virtual assets worth $1.46 billion from an encryption exchange, setting a record for the largest single theft in history. Ultimately, less than 4% of the stolen funds were recovered.

These six discoveries reveal that global encryption regulation is moving from a "chaotic period" to an "orderly period", but this process is more convoluted than expected. Most countries know what to do, but very few actually accomplish it, reflecting the fundamental challenge of encryption regulation: how to establish an effective regulatory system that does not stifle innovation in a rapidly evolving technological landscape.

Overview of Black and Gray List Countries

The FATF's gray and black lists have a significant impact on global financial markets. The blacklist includes three major countries: North Korea, Iran, and Myanmar, and any financial dealings with these countries could lead to serious consequences.

The gray list presents three major trends:

1. Africa has become a disaster zone, with 12 countries on the list.
2. The regulation of encryption hotspots such as Nigeria and Vietnam is seriously lagging behind.
3. Offshore financial centers such as the British Virgin Islands and Monaco are paying the price for their past lax regulations.

2026 Regulatory Outlook

The FATF plans to release three important reports in 2026:

1. Stablecoin Special Report (Q1 2026) Focus on the standards for reserve transparency, the definition of decoupling responsibilities, and cross-chain regulation.

2. Offshore VASP Report (2025-2026) Discuss the boundaries of "long-arm jurisdiction", data localization, and cross-border law enforcement issues.

3. DeFi Regulatory Guidelines (2025-2026) Focus on the identification of responsible entities, the legal status of decentralized autonomous organizations (DAO), and the auditing of smart contracts.

These reports will provide direction for global encryption regulation in the next 1-2 years. For encryption companies, closely monitoring the developments of the FATF and promptly adjusting compliance strategies will be key to gaining an advantage in the fierce market competition.

Overall, global encryption regulation is transitioning from "barbaric growth" to "regulated development". Although currently only one jurisdiction has achieved full compliance, this also indicates the enormous development space and market opportunities for the encryption industry. In the future, compliance will no longer be optional, but a necessary condition for entering the market, as well as an important source for companies to build competitive advantages.