Risk and Compliance Report for Crypto-Asset Service Providers (CASPs) Week Ending: 7 November 2025
- James Ross
- Nov 8
- 6 min read
Executive Summary
This week, the digital asset regulatory landscape was dominated by a pivotal proposed shift in EU supervisory architecture, a landmark enforcement action in Ireland, and a coordinated initiative aimed at promoting UK-US policy convergence.
In the European Union, a new European Commission proposal initiated a significant debate on transitioning from MiCA’s extant national-based supervisory model to a centralised, ESMA-led pan-EU framework for significant CASPs. This push for harmonisation was underscored by a €21.46 million fine levied by the Central Bank of Ireland against Coinbase, setting a material precedent for AML/CTF compliance deficiencies, particularly in transaction monitoring, and signalling the heightened supervisory expectations under the forthcoming AMLA regime.
In the United Kingdom, policy crystallised around bilateral transatlantic cooperation. HM Treasury and the Bank of England announced a formal “Transatlantic Taskforce” with the U.S. to foster regulatory interoperability, primarily focused on stablecoins. Domestically, HMT launched a consultation to streamline the AML/CTF supervisory architecture under the FCA, including delegating ministerial approval for JMLSG guidance updates.
In the United States, a prolonged federal government shutdown has stalled all non-essential rulemaking and technical consultations at the SEC and CFTC. In this context, the Federal Reserve provided the week’s most significant policy signal through a speech by Governor Miran, who articulated a supportive stance towards the new “GENIUS Act” stablecoin framework as a mechanism to bolster U.S. dollar primacy in global settlement.
Globally, the FATF has issued new guidance aimed at enhancing the capabilities of law enforcement agencies (LEAs) for on-chain forensics and asset tracing, implying escalated expectations for CASP technical cooperation in asset recovery protocols.
Table: Actionable Compliance Roadmap (Week of Nov 7, 2025)
Development | Priority | Recommended Internal Action | Affected Business Units |
CBI €21.46 Fine vs. Coinbase | HIGH | Launch an immediate, privileged audit of the Transaction Monitoring System (TMS) for technical integrity, governance, and change management. | Legal, Compliance, Engineering/Tech, Internal Audit |
Stablecoin Divergence (US vs. UK vs. EU) (Sec III) | HIGH | Abandon “one-size-fits-all” stablecoin strategy. Develop three distinct product/compliance roadmaps for the US (GENIUS), UK (Holding Caps), and EU (ESRB Prohibition Threat). | Strategy, Product, Legal, Compliance |
EU ESMA Centralisation | MEDIUM | Begin tracking “active EU users” against the 15M threshold—scope resources for an “ESMA-Ready” program (direct supervision, higher fees). | EU Compliance, Strategy, Finance |
US Gov’t Shutdown | MEDIUM | Revise all US product launch timelines (e.g., ETPs) to “indefinite.” Re-allocate product/legal resources to non-US markets. | US Strategy, Product, Legal |
UK OFSI Reporting | IMMEDIATE | Confirm the UK compliance team has submitted the annual frozen asset report. | UK Compliance |
Gibraltar VASP Change | IMMEDIATE | (For firms with a GI entity) File a 14-day notification. Begin Part 7 application, mapping compliance to all “10 Core Principles” (Table 2). | GI Compliance, Legal |
FATF Asset Recovery | LOW | Review new guidance. Brief legal/compliance on enhanced expectations for law enforcement cooperation (e.g., speed of freeze/seize). | Compliance, Legal, Security |
IMF G20 DGI-3 | LOW (Long-Term) | Task data/engineering leads to review DGI-3’s “common data templates” and build future reporting capabilities for client/asset data. | Data Architecture, Engineering, Compliance |
Key Developments
1. European Union
Policy: European Commission Proposes Centralised ESMA-Led CASP Supervision
The Development: The European Commission (EC) introduced a draft proposal to amend the EU’s financial supervisory architecture. The proposal would grant the European Securities and Markets Authority (ESMA) direct, pan-EU prudential and conduct supervisory authority over a new category of “significant” cross-border financial entities, explicitly encompassing CASPs.
Impact & Analysis: This proposal, long advocated for by national regulators such as France’s AMF and ACPR, would fundamentally rearchitect the Markets in Crypto-Assets (MiCA) framework. It seeks to move beyond the current model of home-state supervision by National Competent Authorities (NCAs) to prevent regulatory and supervisory arbitrage. The legislative file now faces debate in the European Parliament and the Council of the EU, where it confronts a political schism between member states favouring supranational centralisation and those defending the primacy of their NCAs.
Enforcement: Central Bank of Ireland Levies €21.46 Fine on Coinbase
The Development: The Central Bank of Ireland (CBI) fined Coinbase Europe Limited €21.46 million for severe contraventions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended), which implements the EU’s AML/CTF directives.
Impact & Analysis: This landmark fine—one of the largest against a CASP in Europe—sets a critical supervisory benchmark ahead of MiCA and the Anti-Money Laundering Authority’s (AMLA) assumption of its direct supervisory mandate. The CBI’s findings focused on systemic deficiencies in Coinbase’s transaction monitoring (TM) framework, which failed to adequately monitor €176 billion in transactions, resulting in 2,708 late Suspicious Transaction Reports (STRs). This action establishes a high bar for the design, calibration, independent validation, and governance of AML/CTF systems for all CASPs seeking EU authorisation.
Macroprudential & Monetary Policy
Digital Euro: The European Central Bank (ECB) project for a digital euro officially entered its “next phase.” This was met with a formal statement from 14 private-sector banks warning the European Parliament that the project, as designed, could “disintermediate or subvert” private-sector payment innovations.
ESRB Stablecoin Warning: The European Systemic Risk Board’s (ESRB) October report was notable for its analysis. The ESRB issued a formal recommendation to the EC, clarifying that schemes involving “third-country multi-issuer stablecoin schemes” are prima facie incompatible with MiCA, citing unmanageable financial stability risks stemming from contagion vectors and the potential for sudden, large-scale reserve draining.
2. United Kingdom
Policy: UK-US “Transatlantic Taskforce” to Harmonise Stablecoin Regulation
The Development: HM Treasury and the Bank of England (BoE) announced a coordinated policy to align the UK’s forthcoming systemic stablecoin regime with that of the United States.
Impact & Analysis: This will be operationalised via a new bilateral working group, the “Transatlantic Taskforce for Markets of the Future,” co-chaired by HMT and the U.S. Treasury. The objective is to prevent cross-jurisdictional regulatory fragmentation and create a seamless and coherent operational environment for firms, particularly stablecoin issuers. This signals a strategic priority for regulatory and market interoperability between the two dominant Anglosphere financial centres.
Domestic Regulation: HMT Proposes AML & Payments Framework Reforms
AML Supervision: HM Treasury published a consultation on reforming the UK’s AML/CTF supervisory architecture (Nov 6). A key proposal would delegate HM Treasury’s approval of industry guidance—such as from the Joint Money Laundering Steering Group (JMLSG)—directly to the relevant statutory supervisor (the FCA for CASPs). This would make revisions to crypto-asset AML guidance (Part II, Sector 22) significantly more responsive and agile.
Payments Strategy: HMT and the BoE’s Payments Vision Delivery Committee published a “Strategy for future retail payments infrastructure” (Nov 7), which explicitly mandates that the UK’s New Payments Architecture (NPA) must be future-proofed to support and interoperate with “tokenised deposits and stablecoins.”
OFSI: The Office of Financial Sanchttp://localhost:8080/tions Implementation (OFSI) issued a compliance advisory for the mandatory 2025 annual frozen asset reporting deadline (Nov 30), which applies to all CASPs holding sanctioned assets.
3. United States
Policy: Federal Reserve Governor Endorses “GENIUS Act” Stablecoin Framework
The Development: In a significant speech, Federal Reserve Governor Stephen Miran provided a strong policy signal endorsing stablecoins operating within the prudential framework of the recently passed “Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act.”
Impact & Analysis: Governor Miran articulated a view of dollar-denominated stablecoins as a key mechanism for reinforcing the U.S. dollar’s global primacy as a settlement asset. This represents a significant and positive policy signal from the central bank, diverging from the Board’s previously more circumspect tone.
Operations: Federal Shutdown Halts SEC & CFTC Rulemaking
The Development: The ongoing federal government shutdown has resulted in the furlough of all non-essential staff and contract personnel at the SEC and CFTC.
Impact & Analysis: All non-emergency rulemaking dockets, review of registrations and filings (including crypto ETP S-1s/19b-4s), and technical consultations with Congress are frozen. This has stalled the SEC’s enforcement and rulemaking agendas (dubbed “Project Crypto”) and delayed legislative progress on the House-passed FIT 21 Act, which remains with the Senate.
4. Global & Jurisdictional
AML/CTF: FATF Issues Guidance on Virtual Asset Seizure
The Development: The Financial Action Task Force (FATF) published new “Asset Recovery Guidance” (Nov 4) with a dedicated annexe on virtual assets (VAs).
Impact & Analysis: The guidance urges jurisdictions to equip their LEAs with the requisite technical, legal, and operational capabilities for on-chain tracing and seizure. This signals a new global policy emphasis on asset recovery, which will increase supervisory and law enforcement pressure on CASPs to provide timely technical assistance and transaction data to facilitate these seizures.
Data & Reporting: IMF Publishes G20 Data Gaps Progress Report
The Development: The International Monetary Fund (IMF) published a progress report (Nov 7) on the “Third Phase of the G20 Data Gaps Initiative (DGI-3).”
Impact & Analysis: This report confirms that data collection on “digital money” (Recommendation 11) is a key workstream. The initiative is developing a standardised global template for collecting granular data on crypto-assets and stablecoins, which will ultimately translate into new, standardised regulatory reporting requirements for CASPs to facilitate macroprudential monitoring.
Jurisdictional: Gibraltar (GFSC) Harmonises VASP and DLT Regimes
The Development: Firms in Gibraltar are responding to the new Financial Services (Regulated Activities) (Amendment) Regulations 2025, enacted in late October.
Impact & Analysis: This legislative consolidation repeals the standalone AML-only registration regime for Virtual Asset Service Providers (VASPs) (e.g., exchanges) and requires them to obtain a full “Part 7” DLT Provider permission. This harmonises the GFSC’s regulatory framework, subjecting all Gibraltar-domiciled CASPs to the full suite of standards, including the 10 Core Principles of prudential and conduct regulation.
#Crypto #DigitalAssets #Regulation #Compliance #FinTech #MiCA #AML #CTF #Stablecoins #ESMA #FATF #RiskManagement
Comments