BIS Report Compliance Watch: The Real Risks of Stablecoins, Not Just “De-pegging”

Author: compliance Xiaobai

Recently, the Bank for International Settlements (BIS) released Chapter 3 of its “Annual Economic Report”: Anchoring trust in money: innovation beyond stablecoins. This can be understood as: Anchoring trust in money: innovation paths beyond stablecoins. The report was released on June 23, 2026. From a macroeconomic and financial perspective, this report discusses the future monetary system, tokenization, and stablecoins. However, from a compliance perspective, it truly reminds us that the problem with stablecoins is not just whether their price will de-peg, but whether they can be integrated into an identifiable, monitorable, accountable, and regulable financial system.

I. BIS is not against technology, but is asking: where does trust come from? BIS acknowledges that stablecoins and tokenization do bring some efficiency improvements, such as faster payments, programmable payments, atomic settlement, and less reconciliation friction. The report also points out that DLT and tokenization can place assets and funds on programmable ledgers, supporting automated and round-the-clock operations. However, BIS’s core view is that money is not purely a technological product. Money becomes money not just because it can transfer value, but because there is an institutional arrangement behind it: a common unit of account, certainty of redemption at face value, liquidity support, a regulatory and legal framework, and financial integrity requirements. This is crucial for compliance professionals. Because any new payment tool, once it enters large-scale usage scenarios, will ultimately face the same question: who identifies the customer? Who monitors transactions? Who handles anomalies? Who bears responsibility?

II. The compliance risk of stablecoins is not just on-chain anonymity. When many people talk about stablecoin risks, their first reaction is “on-chain anonymity” and “wallets are hard to trace.” But the BIS report provides a more systematic view. In the traditional financial system, banks and regulated institutions bear responsibilities such as customer identification, transaction monitoring, suspicious activity reporting, and stopping or reversing payments when necessary. In contrast, stablecoins primarily circulate on public, permissionless blockchains, where pseudo-anonymity, non-custodial wallets, cross-chain bridges, and mixing tools can weaken KYC and AML/CFT controls. This means that stablecoins do not present a single point of risk, but a set of combined risks: it is not always clear who the customer is; the origin of funds may not be fully traceable; the purpose of transactions may not be explainable; after crossing chains, the path may be fragmented; and if problems arise, the responsible party may not be clear.

Therefore, for compliance departments, it is not enough to ask, “Is this address risky?” They should ask: Why does this customer want to use stablecoins? How do stablecoins enter and exit between fiat currency accounts? Who are the counterparties? What is the relationship between wallets, exchanges, and payment institutions? Is the fund path consistent with the customer’s background and business model?

III. On-chain transparency does not equal compliance transparency. Stablecoin proponents often say: on-chain transactions are public, therefore more transparent. This statement is only half true. While on-chain data is indeed visible, “address visibility” does not equal “identity visibility.” “Transaction path visibility” does not equal “transaction purpose clarity.” BIS also mentions that blockchain analytics firms are already supporting law enforcement agencies, and some stablecoin issuers have frozen specific on-chain addresses, indicating that on-chain technology does help in risk identification. However, BIS also emphasizes that these measures cannot replace daily, large-scale AML/CFT controls. True compliance is not about buying a tool, but about establishing a closed loop: before customer onboarding, can virtual asset exposure be identified? During transactions, can on-chain and off-chain fund flows be monitored? When risks are flagged, can they be manually reviewed and explained? After suspicious leads are formed, can they be recorded, escalated, and reported? After model and rule adjustments, can they be audited and reviewed? Technology is only one link in the compliance chain, not compliance itself.

IV. Stablecoins will bring “on-chain risks” back to traditional finance. The BIS report mentions that as of the end of May 2026, the market capitalization of stablecoins was approximately $320 billion; the estimated annual transaction volume of stablecoins in 2025 was about $28 trillion, but after excluding transfers between wallets of the same entity, the actual economic significance is much lower. These figures illustrate one thing: stablecoins are already large enough to not be ignored by compliance departments; but they are not yet mature enough to completely replace the existing financial system. More importantly, stablecoin risks will not remain on-chain. They will re-enter traditional financial institutions through deposits and withdrawals, exchanges, payment institutions, trade scenarios, cross-border settlements, and customer accounts.

For example: customers frequently deposit funds into virtual asset platforms using bank accounts; corporate clients claim to be engaged in cross-border trade, but the funds ultimately flow through stablecoin channels; individual customer accounts receive large amounts from strangers and then concentrate on purchasing virtual assets; customers explain these as “investment,” “settlement,” or “foreign exchange,” but their transaction behavior does not match their income sources. These scenarios are essentially not purely “virtual asset problems,” but customer due diligence and transaction monitoring issues that traditional financial institutions must face.

V. Future regulatory direction: not to prohibit innovation, but to “embed rules.” BIS proposes a very important direction: future tokenized finance should not deviate from the existing trust system, but should introduce tokenization technology into a two-tier monetary system based on central bank currency and regulated institutions. From a compliance perspective, this is essentially four words: rules upfront. More feasible digital financial infrastructure in the future should embed within the transaction process: customer identification, pre-screening of transactions, risk rule judgment, auditable data trails, privacy and data sovereignty protection, and cross-institutional and cross-jurisdictional collaboration mechanisms.

BIS also explicitly states that platforms with licensing mechanisms that can embed AML/CFT pre-screening, list screening, and auditable data trails in their transaction processes are more likely to maintain financial integrity in large-scale scenarios. This is also where compliance technology has real value in the future: not ex-post remediation, but embedding risk control into the process before payments and settlements occur.

Compliance Xiaobai’s observation of this BIS report’s inspiration for compliance professionals is not about “whether stablecoins are good or bad,” but rather: in the future, all new financial tools, as long as they aim to become mainstream payment and settlement tools, must answer compliance questions. Who identifies the customer? Who monitors the transaction? Who handles anomalies? Who bears responsibility? Who ensures consistency of cross-border rules? If these questions have no answers, no matter how advanced the technology, it will only shift the risk to places that are harder to regulate. Therefore, from a compliance perspective, stablecoins are not a simple “crypto topic.” They will affect bank account monitoring, payment institution risk control, cross-border fund flows, virtual asset onboarding, customer risk ratings, and financial crime prevention. The truly valuable direction in the future is not to bypass compliance with technology, but to embed compliance capabilities into technological infrastructure. Compliance is not the opposite of innovation. Compliance is the infrastructure that enables financial innovation to go far.

[compliance Xiaobai]

RichSilo Exclusive Analysis:

BIS Compliance Flashpoint: Stablecoins Face Structural Test, Not Market Test

The Bank for International Settlements (BIS) has just redefined the stablecoin risk paradigm—and it’s not about peg maintenance. Issued in June 2026, Chapter 3 of the Annual Economic Report, “Anchoring trust in money,” delivers a masterclass in institutional skepticism that should resonate deeply with sophisticated crypto investors: stablecoins are not failing because they’ll de-peg—they may fail because they can’t be made compliance-gradable. This is no longer a technical footnote. It’s the core threat vector.

🔥 Bitget Exclusive Offer: Register now to claim up to 6,200 USDT in Welcome Bonuses! Plus, enjoy a lifetime 20% Fee Rebate on all Spot & Futures trades.
Start Trading on Bitget

The Real Risk: Integration, Not Inflation

Depegging is a market malfunction. Failure to integrate into an identifiable, monitorable, accountable, and regulable (IMAR) financial ecosystem is an existential one. BIS explicitly endorses DLT’s efficiencies—programmability, atomic settlement, 24/7 rails—but insists money derives legitimacy not from code, but from institutional anchoring: a universal unit of account, legal enforceability, central bank backstop, and—crucially—AML/CFT integration. This reframing forces a capital reallocation: projects built for decentralization at all costs now face structural obsolescence if they lack built-in accountability.

Consider the implications for portfolio construction:

  • Delegation-based stablecoins (e.g., unlicensed minters on public blockchains, decentralized reserve pools with non-transparent asset custody) will be deemed non-compliant by architecture. Even if pegged perfectly, their inability to satisfy KYC/AML continuity across the on/off-ramp chain renders them institutionally toxic.
  • Compliance-native tokens (e.g., USDC, Circle’s regulated rails, or future CBDC-integrated stablecoins) gain credibility. Their issuance assumes institutional gatekeeping—and that’s a competitive moat. Expect them to dominate corporate cash management, cross-border payroll, and B2B trade as legacy finance begins stress-testing these rails.

On-Chain Transparency ≠ Compliance Transparency: A False Dilemma

Investors often conflate public ledgers with auditability. BIS demolishes this illusion: “Address visibility does not equal identity visibility.” A blockchain may record every transaction, but without mapping addresses to actors, purposes, and provenance, regulators will treat it as high-risk opacity. The report highlights that analytics tools and address freezing are complementary, not替代, to continuous CDD and transaction monitoring. The real differentiator isn’t blockchain transparency—it’s whether the entity issuing, custodialing, or settling can answer these questions before transaction finality:

  • Why is this customer using a stablecoin instead of ACH or SWIFT?
  • How were the funds sourced?
  • Who is the ultimate counterparty across chains?
  • Can the full lifecycle be audited—and is the trail immutable?

Projects that rely on off-chain disclosures or voluntary compliance (e.g., many DeFi stablecoin protocols) are vulnerable. Those embedding pre-settlement risk scoring (e.g., FATF Travel Rule compliance at protocol level, real-time screening of entities/jurisdictions, geofencing) will attract institutional volume.

The Institutional Re-Entry Threat: On-Chain Risks Go Offline

The report cites $320B in circulating supply and $28T annual volume—implying massive off-ramp potential. But the true concern isn’t scale: it’s unmonitored reintegration. As stablecoins flow through exchanges, payment providers, and corporate treasuries, the risk surface expands beyond wallets into:

  • Corporate accounts that “use stablecoins for FX” but lack underlying trade documentation
  • Retail bank clients depositing large stablecoin inflows with no source-of-funds explanation
  • Cross-border settlements disguised as “crypto payouts” masking sanctions circumvention

This is where compliance officers—both in legacy banks and crypto-native firms—will face heightened pressure. Expect accelerated de-banking of VASPs lacking end-to-end transaction mapping. The U.S. Treasury’s recent focus on institutional onboarding of high-risk stablecoin users (e.g., crypto-native treasuries without corporate verifiable audit trails) is just the start.

The Regulatory Arc: Not Ban, But Embed

BIS doesn’t call for banning innovation. It demands rules upfront. Future tokenized finance will reside in a two-tier system: CBDC or regulated bank money at the base layer, with tokenized assets built on top—via licensed custodians or designated market makers. From a compliance lens, this means:

  • On-chain, embedded controls will be non-negotiable: pre-lending screening, real-time entity/jurisdiction risk scoring, and auditor-friendly data trails.
  • Permissionless protocols will be marginalized unless they introduce KYC/AML enforcement layers (e.g., via identity-binding protocols like polygon-id or zKVs).
  • Regulated infrastructure providers (e.g., licensed stablecoin issuers, AML-compliant L2s, FATF-aligned bridges) will command structural premiums.

This aligns with global momentum: Europol’s recent warnings on decentralized stablecoin misuse, FATF’s June 2026 guidance on trustless systems, and MiCA’s Articles 61–63 requiring issuer accountability all point to the same conclusion: trustless does not mean regulatorily trust-free.

Investor Implications: Prioritize Compliance-Native Infrastructure

For experienced crypto investors, this BIS report isn’t a warning against stablecoins—it’s a filter for survival:

Go long on:
– Regulated, licensed stablecoin issuers with auditable reserves and transaction controls (e.g., USDC, tokenized currencies on licensed rails)
– Layer-1s/L2s with built-in compliance architecture (e.g., embedded Travel Rule, jurisdiction-based access controls)
– Fintechs enabling corporate stablecoin adoption with verifiable use cases (e.g., B2B trade, payrollautomation)

Re-evaluate exposure to:
– Decentralized or non-custodially issued stablecoins lacking AML/CTF continuity
– Projects relying on “community self监管” or ex-post forensic tools
– Cross-chain protocols without unified risk-scoring (e.g., bridges that fragment auditability)

Stablecoins won’t die from de-peg. They’ll fade if they can’t satisfy the IMAR test: If no one can identify the customer, monitor the transaction, assign accountability, or answer regulators—then the technology fails its foundational purpose: being money.

Institutional adoption isn’t coming—it’s being gated by compliance. The winners won’t be the most decentralized. They’ll be the most trusted.

🚀 Bybit Limited Time: The World's #1 Crypto Platform! Sign up to claim up to 30,000 USDT in rewards, and automatically activate a lifetime 20% Fee Discount!
Join Bybit Now