On March 3, 2026, the Financial Action Task Force (FATF) released its Targeted Report on Stablecoins and Unhosted Wallets – Peer-to-Peer Transactions. The report sends a clear message: stablecoins are no longer just an on-ramp and off-ramp issue. As illicit finance increasingly moves through peer-to-peer (P2P) transfers via unhosted wallets, regulatory attention is shifting deeper into the secondary market. For stablecoin issuers, VASPs, and other financial institutions, the new challenge is no longer only who enters the system, but how value moves after issuance.
According to the FATF report, 259 stablecoins were circulating at the end of June 2025, and stablecoin market capitalization reached USD 316 billion in October 2025. Their price stability, liquidity, and interoperability make them useful for legitimate payments and transfers, but those same traits also make them attractive to money launderers, terrorist financiers, sanctions evaders, and proliferation financing networks.
Why This Report Matters
One of the report’s most important observations is that much of the illicit activity involving stablecoins now happens in the secondary market. In other words, the core risk often arises after issuance, when stablecoins circulate between holders, move across chains, and pass through unhosted wallets without the involvement of an AML/CFT-obliged intermediary.
That is why the report places special emphasis on P2P transfers via unhosted wallets. These transactions can occur outside the visibility of regulated intermediaries, weaken the effectiveness of traditional compliance controls, and make suspicious transaction reporting harder in practice. FATF is not saying that on-chain activity is invisible. It is saying that visibility without operational controls is no longer enough.
In effect, the compliance focus is expanding from fiat entry and exit points to the full lifecycle of stablecoin circulation. That includes monitoring how stablecoins are used in the secondary market, how they move across chains, and whether technical controls can be used to mitigate risk before illicit flows scale.
What FATF Wants Next
For Jurisdictions
FATF urges jurisdictions to fully implement Recommendation 15 and ensure that stablecoin issuers, intermediary VASPs, financial institutions, and other relevant participants in stablecoin arrangements are subject to clear AML/CFT obligations. These obligations include licensing or registration, customer due diligence, recordkeeping, suspicious transaction reporting, and Travel Rule compliance where applicable.
Just as important, the report calls on supervisors and law enforcement authorities to build stronger technical capabilities. FATF highlights the need to understand smart contract functions, cross-chain transaction mechanics, blockchain analytics tools, and the risk patterns associated with P2P transfers via unhosted wallets. This is a practical shift. The report makes it clear that policy alone is not enough if authorities cannot interpret on-chain behavior in real time.
Jurisdictions are also encouraged to monitor the volume and risk profile of P2P activity conducted through unhosted wallets and to assess informal or unlicensed redemption channels. FATF goes further by suggesting that, depending on risk and context, stablecoin issuers may need to proactively monitor the location and use of their stablecoins in the secondary market with the support of blockchain analytics tools.
The report also supports stronger cross-border coordination. It suggests jurisdictions consider establishing multinational supervisory colleges for cross-border stablecoin arrangements, faster domestic and international information-sharing mechanisms, and structured public-private partnerships to exchange typologies, red flags, and emerging threat intelligence.
For Issuers and VASPs
For the private sector, FATF’s direction is equally clear. Stablecoin issuers and VASPs should not limit compliance to primary issuance and redemption. They need to understand and mitigate risk across issuance, circulation, and redemption, especially when stablecoins circulate through unhosted wallets and across multiple chains.
The report strongly encourages issuers to implement programmable controls inside smart contracts and governance processes. These include allow-listing, deny-listing, transaction limits, and the ability to block, freeze, and withdraw stablecoins, including by burning and re-issuing them when necessary. FATF is explicit that these controls are no longer theoretical design choices. They are practical tools for secondary-market risk mitigation.
FATF also encourages broad use of advanced blockchain analysis tools. Issuers and VASPs should be able to trace source and destination flows, assess indirect exposure, identify multi-hop laundering paths, and investigate cross-chain movement designed to break traceability.
When VASPs deal with transactions involving unhosted wallets, the report points toward stronger safeguards. These include enhanced due diligence, transaction limits, verification of wallet ownership or control, and risk assessment based on transaction context rather than surface-level screening alone.
Where Technology Helps
FATF’s recommendations point to a simple reality: compliance in the stablecoin market is becoming a technical discipline. Manual review, static blacklists, and delayed case handling are not enough for high-speed, multi-chain environments.
For screening and monitoring, firms need continuous visibility over addresses, counterparties, transactions, and behavioral changes. That is where on-chain compliance infrastructure becomes operationally important. Phalcon Compliance is designed for this layer of work. It combines address screening, transaction monitoring, case workflows, clear fund-flow views, and one-click STR/SAR exports. For institutions that need ongoing AML/CFT controls, this kind of system helps turn regulatory expectations into repeatable day-to-day workflows.
For deeper investigations, teams also need the ability to move beyond alerts and reconstruct how funds actually traveled. MetaSleuth fits this investigative layer. It traces funds across chains, maps transaction networks, reveals hidden links between entities and activities, and supports evidence-ready investigation workflows. This matters especially when risk is not direct but layered through multiple wallets, bridges, or intermediary platforms.
The practical takeaway is straightforward. Screening detects exposure early. Monitoring keeps pace with change. Tracing explains what happened. Reporting closes the loop. FATF’s report does not require every institution to build those capabilities from scratch, but it does make clear that firms without them will struggle to meet the next phase of regulatory expectations.
Key Risk Indicators
FATF’s annex of risk indicators is one of the most useful parts of the report. It gives compliance teams a concrete starting point for detection logic, escalation rules, and investigator playbooks.
Unusual Transaction Patterns
The report flags rapid cross-border stablecoin movements that do not match a customer’s profile. It also highlights large transfers to multiple beneficiaries within a short period, the splitting or aggregation of large stablecoin volumes, and repeated conversions between fiat, stablecoins, or other virtual assets without any clear economic rationale.
Other indicators include large-value activity following a long period of inactivity, as well as multiple large transfers into newly opened or previously inactive accounts. These patterns matter because they often indicate layering behavior rather than normal payment activity.
Anonymity Risk Signals
The report also identifies red flags related to anonymity and traceability. One key indicator is stablecoin transfers involving unhosted wallets that are multiple hops away from Travel Rule-covered wallets (TRW). FATF is effectively warning that transaction distance does not remove risk.
Other warning signs include wallets that become active after a long dormant period, complete multiple cross-chain transfers in a short window, and then go inactive again. The report also points to large two-way transfers with hosted wallets of offshore stablecoin exchanges, interactions with illegal domestic or offshore stablecoin trading platforms, and transfers linked to dark web markets.
FATF further highlights the use of DeFi swapping, liquidity pooling, yield farming, mixers, privacy-enhancing tools, chain-hopping, and wrap/unwrap patterns before off-ramping. Each of these can be part of a broader attempt to reduce traceability and exploit gaps between networks and service providers.
TF and PF Signals
The report’s terrorism financing and proliferation financing indicators are especially notable. FATF points to repeated donations to frequently changing wallets that still share artifacts such as QR codes, domains, or change addresses. It also warns about stablecoin inflows labeled as humanitarian support that are quickly diverted into trading activity, mixers, or cross-chain transfers.
Additional signals include dense chains of more than 25 rapid hops, re-aggregation through procurement wallets, and payments directed to intermediaries near free trade zones or logistics hubs for lab equipment, machine tools, RF components, unmanned aerial vehicle parts, and other dual-use goods.
The report also warns that cross-chain bridges may be used to move through analytics and policy gaps between networks, and that off-ramping through weak-control jurisdictions or non-compliant VASPs remains a major concern.
For compliance teams, these indicators should not remain abstract policy language. They should be turned into screening rules, monitoring templates, investigation triggers, and reporting workflows. This is where technology makes the difference between awareness and enforcement.
What Firms Should Do
The firms that adapt fastest will be the ones that treat FATF’s report as an operational roadmap, not just a policy signal.
First, map exposure across the full stablecoin lifecycle. That means issuance, circulation, redemption, and post-issuance movement in the secondary market.
Second, add real-time screening and monitoring at the points where risk is most likely to enter or change. Deposits, transfers, redemptions, and high-risk counterparties all need ongoing visibility.
Third, treat unhosted wallet exposure as a continuous risk-management problem. It should not be handled only as an exception case during onboarding.
Fourth, pair alerting with deep tracing. If you cannot explain how funds moved, who they interacted with, and whether cross-chain behavior changed the risk profile, you will struggle to defend compliance decisions.
Fifth, build technical and governance controls before regulators force the issue. If freeze, deny-list, withdrawal, or transaction-limit mechanisms are relevant to your model, they should be designed and tested before an urgent enforcement request arrives.
Closing Thoughts
FATF’s March 2026 report marks a new phase in global stablecoin compliance. The battleground is moving on-chain, from fiat gateways to the secondary market, and from static controls to continuous monitoring of P2P activity.
For the industry, this is both a pressure point and an opportunity. The firms that build strong on-chain compliance capabilities early will be better positioned to earn regulatory trust, protect users, and scale with confidence.
BlockSec will continue to invest in blockchain security and compliance infrastructure through products such as Phalcon Compliance and MetaSleuth, helping the industry move toward a Web3 ecosystem that is safer, more transparent, and more compliant.
