Stablecoins are increasingly embedded in the real economy, supporting faster settlement, cross-border payments, and programmable financial flaws. However, the Financial Action Task Force's (FATF) March 2026 targeted report underscores a critical point: the very features that make stablecoins attractive - liquidity, interoperability, and price stability - also create vulnerabilities, particularly through peer-to-peer (P2P) transactions using unhosted wallets, where regulated intermediaries may be absent.
The key implication is not that stablecoins are inherently unsafe. Rather, stablecoins change where financial-crime risk sits. In traditional payments, accountability is concentrated in institutions and schemes. In stablecoin arrangements, accountability shifts toward governance design, custody structures, issuer controls, and operating models.
Risk is not eliminated, it is re-located. As a result, the defining differentiator for firms is no longer compliance assertations, but the ability to evidence control across the stablecoin lifecycle.
The FATF report highlights the rapid expansion of stablecoins, with more than 250 stablecoins in circulation by mid-2025 and aggregate market capitalisation exceeding USD 300 billion. It also documents their increasing presence in illicit finance typologies, particularly where transactions occur directly between users without passing through AML/CFT-obliged intermediaries.
A focal point of the report is the unhosted wallet challenge. Where value moves directly between parties, traditional AML/CFT frameworks - built around intermediary visibility - are weakened. These challenges are further compounded by cross-chain activity, which can fragment transaction trails and complicate supervisory oversight.
Viewed through this lens, stablecoins should be assessed not as isolated instruments, but as arrangements: interconnected ecosystems involving issuers, intermediaries, custodians, wallet providers, and governance mechanisms. Supervisory and board‑level attention therefore shifts from the token itself to a more fundamental question: where does accountability reside within the arrangement, and how is it demonstrated?
Blockchain‑based transactions are often described as transparent. However, transparency alone does not equate to investigability.
On‑chain records are typically pseudonymous and frequently lack essential contextual information, including customer identity and, in some cases, geographic attribution. Without this context, effective sanctions screening, transaction monitoring, and international cooperation become materially more difficult.
For this reason, the FATF reiterates the importance of applying Customer Due Diligence (CDD), sanctions screening, and—where applicable—the Travel Rule at critical interaction points between stablecoins and the regulated financial system, particularly at issuance, exchange, and redemption.
One of the most significant aspects of the FATF report is its emphasis on risk‑based technical and governance controls embedded directly into stablecoin arrangements.
The report highlights issuer‑level capabilities such as the ability to freeze, burn, or withdraw stablecoins in secondary markets, conduct due diligence at redemption, and, where proportionate, implement allow‑listing (restricting transactions to approved addresses) and deny‑listing (blocking high‑risk addresses).
This reflects an important regulatory shift. In stablecoin arrangements, controls are not confined to policies and procedures; they can be designed into the operating and contractual layers of the ecosystem.
The practical challenge for firms is therefore to demonstrate effective control outcomes at each stage of the stablecoin lifecycle - issuance, distribution, transfer, and redemption.
For boards, compliance leaders, and payments strategists, the appropriate response is not to avoid stablecoins, but to design a defensible assurance perimeter that reflects how and where risk is concentrated.
A practical approach typically combines three layers:
Together, these layers enable firms to demonstrate not only that controls exist, but that they operate effectively and can be evidenced.
Across Europe, stablecoins increasingly sit at the intersection of payments regulation, digital asset frameworks, and financial crime controls. The FATF’s analysis reinforces the importance of ensuring that stablecoin arrangements do not fall between regulatory regimes, and that Recommendation 15 of the FATF Standards is fully implemented.
In practice, firms will be expected to evidence:
This reflects a broader reality: convergence in financial services is being driven by governance and accountability, not technology alone.
Addressing stablecoin risk requires more than regulatory interpretation. It demands integrated support across strategy, operating model design, and assurance.
Grant Thornton supports clients across the stablecoin and digital asset ecosystem by:
As stablecoins continue to scale, the ability to demonstrate stable accountability, through clear governance, embedded controls, and credible evidence, will be central to sustainable growth.
The FATF’s latest report does not signal a retreat from stablecoins. It signals the end of an era in which compliance could be asserted rather than demonstrated.
The firms that succeed in the next phase of stablecoin adoption will be those that can show where risk sits, how it is controlled, and how that control can be evidenced, across the full value chain.
Navigating the evolving regulatory and financial-crime risks surrounding stablecoins can be complex. Our team works with organisations to clarify regulatory expectations, assess governance and control frameworks, and strengthen operating models across the stablecoin lifecycle.
If you would like to discuss what these developments mean for your business, our specialists are here to help.
