17 February 2026: MONEYVAL Published Report on Virtual Assets

MONEYVAL has recently published a report exploring how virtual assets (VA) and virtual asset service providers (VASPS) are used to facilitate money laundering, terrorist financing, and proliferation financing (ML/TF/PF).

 

Report Summary

Drawing on information from 25 MONEYVAL jurisdictions, including the Isle of Man, the report offers an updated review of regulatory and supervisory measures for the virtual asset service provider sector and highlights key risks linked to specific products. This new edition, which follows an initial review in 2023, reflects the rapid evolution of cryptocurrency and virtual asset technologies, placing particular emphasis on the ways virtual assets may be exploited to bypass targeted financial sanctions.

The report highlights substantial progress in establishing regulatory and supervisory frameworks for VA and VASPs, as well as improvements in international cooperation to counter financial crime.

However, despite the progress made internationally, the report notes that challenges persist - especially the need to prevent VA from being used to sidestep targeted financial sanctions (TFS).

 

Progress made and areas for improvement

  1. Most MONEYVAL jurisdictions have conducted risk assessments on VAs and VASPs, but the depth and quality vary, and many assessments lack specific analysis of TFS evasion risks.
  2. Licensing and Registration Regimes Are Expanding. Approximately 81% of jurisdictions now require VASPs to be licensed or registered, marking a significant increase. However, enforcement and detection of unlicensed VASPs remain weak.
  3. Supervisory Structures are Mostly in Place. Over 90% of jurisdictions have designated supervisory authorities for VASPs, typically financial regulators or FIUs. However, guidance and outreach to VASPs are inconsistent.
  4. Travel Rule Implementation Is Incomplete. Only about 46% of jurisdictions have implemented the FATF Travel Rule for VASPs. Many non-EU countries are awaiting alignment with EU regulations, and enforcement is limited.
  5. TFS Compliance Is Legally Mandated, but Operationally Challenging. Most jurisdictions require VASPs to comply with TFS obligations. But few have robust mechanisms to detect or penalise breaches. Sanctions evasion via VAs is a growing concern.
  6. International Cooperation Is Strong. Jurisdictions report high levels of cross-border collaboration through FIUs, law enforcement, and supervisory networks. This is one of the most compliant areas across MONEYVAL members.
  7. VA Use in Gaming and Other Sectors Presents Unique Risks. Some jurisdictions allow VA use in online gambling under strict conditions. Case studies show exposure to illicit activity, including links to child abuse material.
  8. Data Collection Remains a Major Challenge. Many jurisdictions lack structured data on VAs activity, especially cross-border flows. Some are adopting blockchain analytics and enhanced reporting to address this.
  9. Emerging Typologies include sanctions evasion, Fraud, and Proliferation Financing.  New threats include state-sponsored actors using VAs for proliferation financing, money mule networks, and fraud schemes exploiting the anonymity and speed of VAs.
  10. Public–Private Partnerships (PPPs) are growing but uneven. Some jurisdictions have launched PPPs to improve suspicious transaction reporting (STR) quality and typology development, but only 40% have active initiatives involving VASPs. PPPs are becoming critical in the fast-moving VAs space to allow the private sector to effectively enable the public sector to prevent VAs from being used for criminal purposes. 

 

Takeaways for the Gambling Industry

  • VA use in online gambling can create channels of exposure to high risk/illicit activity;
  • Emerging Typologies Include Sanctions Evasion, Fraud, and Proliferation Financing;
  • State-sponsored actors use VAs for PF money mule networks and fraud schemes, exploiting the anonymity and speed of VAs;
  • Case studies show exposure to illicit activity, including links to child abuse material;
  • Data sharing is increasingly important; and
  • Virtual Asset technology must be assessed nationally within NRAs.

 

The full report and press release are available on the FATF website. Operators should review the document in line with their internal risk assessments.