Banking on Crypto: Navigating Fraud and Compliance Risks in an Evolving Regulatory Landscape
As banks enter the cryptocurrency and stablecoin space to meet customer demand and increase profit margins, they’re encountering fast-evolving fraud risks. Crypto is a lucrative business opportunity for fraudsters: according to the FBI’s Internet Crime Complaint Center (IC3) 2024 Annual Report, cryptocurrency played a major role in cybercrime losses reported last year. Approximately 150,000 complaints involved the use of digital assets, amounting to $9.3 billion (USD) in losses—a 66% increase from 2023.
With limited federal oversight in place, 11 states have stepped in with laws aimed at curbing fraud, but a national framework is still missing.
Without comprehensive federal-level regulation, banks struggle to manage crypto’s unique risks that come with anonymity, decentralized platforms and rapid cross-border transfers. This makes it harder to comply with anti-money laundering (AML), know-your-customer (KYC), and global sanctions rules, putting banks at risk of regulatory penalties and reputational harm.
Innovation is outpacing regulations
KYC is one example of how tech can leapfrog policy, leaving loopholes for fraudsters. Established in 1970 under the Bank Secrecy Act (BSA), KYC requirements were expanded and strengthened after 9/11 under the Patriot Act.
KYC allows banks to verify the identity of their customers, understand their behavior, and assess and monitor the risk of illegal activities such as money laundering, terrorism financing, and fraud. While KYC aims to prevent these activities, it has not kept up with the pace of technological advancement. For example, fraudsters excel at evading KYC safeguards by using synthetic identities. KYC can also create significant friction for bank customers, particularly when requirements are cumbersome, invasive, or inconsistent across jurisdictions.
Weak crypto regulation is a recipe for disaster
Some banks are entering crypto trading or partnering with exchanges, but at a cost. Crypto is lightly regulated, often lacking basic oversight. As a result, scams like rug pulls, Ponzi schemes and phishing attacks thrive.
Many consumers don’t understand how crypto works, making them easy targets. Pig butchering is one such scam that is proliferating globally. According to one source, pig butchering scams stole $5.5B from crypto investors in 2024. Unlike bank deposits guaranteed by the FDIC, once crypto is stolen, the funds are extremely difficult, or even impossible, to recover.
Stablecoin may drive greater adoption of crypto because it’s easier for consumers to understand and, being directly tied to the dollar, doesn’t have the inherent uncertainty and volatility of price changes. However, it’s equally risky in cases where money is stolen or fraud has occurred. Signed into law in July 2025, the GENIUS Act will establish clear, consistent rules for stablecoin issuers, encourage responsible innovation, and ensure consumer protection.
The GENIUS Act will provide comprehensive federal oversight for the stablecoin market, but there are thousands of flavors of unregulated cryptocurrencies. Banks can’t wait for tighter controls and regulations on digital currencies – they must do all they can now to protect their customers from fraud and significant financial losses, while also protecting their organizations from permanent reputational damage and potential lawsuits.
There are three effective strategies banks can employ to successfully fight fraud, protect their customers, maintain regulatory compliance, and safely capitalize on the opportunities presented by digital assets:
● Advanced Transaction Monitoring: Blockchain intelligence tools from companies like TRM Labs, Elliptic, and others can analyze wallet addresses for better detection of links to scams, sanctions, and dark web activity. Using AI and machine learning, banks can identify red flags such as large fiat-to-crypto transfers by inexperienced users, transactions involving newly created, blacklisted crypto wallets, or multiple users transacting with the same suspicious wallet.
● Strengthen KYC and Risk Scoring: To counter vulnerabilities in traditional KYC practices, banks can go beyond basic KYC to prioritize behavioral profiling that will determine age, region, and historical account activity. Banks should also consider crypto-specific risk scoring that accounts for the user’s history of funding known exchanges and offshore wallets, and then regularly re-evaluate account risk based on emerging fraud patterns or crypto activity spikes.
● Leverage Geolocation and Behavioral Insights: Combining more accurate and robust geolocation sources that leverage both device and behavioral insights – such as time-of-day patterns and transaction size – offers a seamless experience for legitimate users and adds more friction for fraudsters. Advanced geolocation technology gives banks the ability to detect unusual login or transaction behavior, such as a sudden change in the location where customers make crypto purchases. It also allows banks to trigger step-up authentication, such as OTP or re-verification, which can lead to temporarily freezing or flagging transactions and notifying customers of fraudulent activity. Non-IP-based geolocation is also ideal for blocking transactions from high-risk jurisdictions on sanctions watch lists and countries with lax AML/CFT enforcement. Finally, it provides critical data points for successfully combating social engineering scams, like pig butchering, which have been enormously profitable for fraudsters.
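An added illustration, not part of the original article and not any vendor's product logic: the red flags listed above expressed as rules over a constructed batch of fiat-to-crypto transfers. Field names, thresholds, the escalation policy, and the choice to flag new and blocklisted wallets separately are all assumptions.

```python
from collections import defaultdict
from datetime import date

# Assumed thresholds; a real programme tunes these against its own data.
LARGE_USD = 5_000          # what counts as a "large" fiat-to-crypto transfer
NEW_WALLET_DAYS = 30       # wallet is "newly created" below this age
SHARED_WALLET_USERS = 3    # distinct customers paying the same wallet

def score(txs, wallet_first_seen, blocklist):
    """Return {tx_id: (flags, action)} for a batch of fiat-to-crypto transfers."""
    payers = defaultdict(set)
    for tx in txs:
        payers[tx["wallet"]].add(tx["user"])
    results = {}
    for tx in txs:
        flags = []
        if tx["usd"] >= LARGE_USD and tx["prior_crypto_txs"] == 0:
            flags.append("large_transfer_inexperienced_user")
        first_seen = wallet_first_seen.get(tx["wallet"])
        # A wallet with no recorded history is treated as new (assumption).
        if first_seen is None or (tx["date"] - first_seen).days < NEW_WALLET_DAYS:
            flags.append("new_wallet")
        if tx["wallet"] in blocklist:
            flags.append("blocklisted_wallet")
        if len(payers[tx["wallet"]]) >= SHARED_WALLET_USERS:
            flags.append("shared_destination_wallet")
        if tx["country"] != tx["usual_country"]:
            flags.append("location_change")
        # Escalation: a blocklist hit or three flags holds the transfer;
        # any lesser signal triggers step-up authentication (OTP, re-verification).
        hold = "blocklisted_wallet" in flags or len(flags) >= 3
        action = "hold_and_notify" if hold else "step_up_auth" if flags else "allow"
        results[tx["id"]] = (flags, action)
    return results

# Constructed sample data, not real wallets or customers.
WALLET_FIRST_SEEN = {"w-old": date(2023, 1, 10), "w-new": date(2025, 6, 20),
                     "w-bad": date(2024, 3, 5)}
BLOCKLIST = {"w-bad"}

def make_tx(tx_id, user, usd, wallet, prior, country, usual="US"):
    return {"id": tx_id, "user": user, "usd": usd, "wallet": wallet,
            "date": date(2025, 7, 1), "prior_crypto_txs": prior,
            "country": country, "usual_country": usual}

SAMPLE = [make_tx("t1", "alice", 200, "w-old", 12, "US"),
          make_tx("t2", "bob", 9000, "w-new", 0, "US"),
          make_tx("t3", "carol", 300, "w-new", 4, "US"),
          make_tx("t4", "dave", 150, "w-new", 2, "CA"),
          make_tx("t5", "erin", 50, "w-bad", 7, "US")]
for tx_id, (flags, action) in score(SAMPLE, WALLET_FIRST_SEEN, BLOCKLIST).items():
    print(tx_id, action, flags)
```

Small transfers t3 and t4 are caught only because three customers pay the same 11-day-old wallet, which is the cross-customer signal that per-account rules miss.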
Easing the tenuous relationship between banks and crypto
While the crypto sector presents a lucrative opportunity that promises new revenue streams, faster cross-border payments, and access to a younger, tech-savvy client base, it also carries significant challenges. Until a regulatory framework is in place, banks can safeguard their reputation and protect their customers from fraud by implementing a combination of advanced technologies – including AI, blockchain and advanced geolocation – and strategies that strengthen KYC, so that they can detect malicious behavior and protect customers from scams and money laundering schemes.
About the author
Marco Stotani is the Chief Business Officer of GeoComply where he is currently responsible for the Revenue Team, focusing on the company’s global expansion across verticals, including Gaming, Fintech, Media and other sectors. As part of his current role, Marco also oversees the Fraud and Risk Management team, which supports customers to maximize the value of the GeoComply platform to detect, investigate and prevent advanced fraud schemes. Marco also brings nearly a decade of experience in investment banking, where he has advised private and public companies in Europe and North America across various sectors, including fintech, technology and gaming.
