IIF Response to U.S. Treasury GENIUS Act Request for Comment on Digital Assets and Illicit Finance > The Institute of International Finance

The IIF responded to the U.S. Department of Treasury’s (UST) Request for Comment (RFC) on innovative methods to detect illicit activity involving digital assets. While arising from the GENIUS Act’s payment stablecoin focus, the RFC addresses digital assets broadly given pending legislative proposals regarding financial market structure. Summary of key findings and considerations:

• Illicit finance risks. The pseudonymous nature of blockchain introduces illicit finance risks, especially when layered onto or operating alongside traditional financial systems. Vulnerabilities in digital asset networks, oracles, and smart contracts, such as weak identity verification and complex compliance processes, can lead to exploits. To counter these threats, FIs and non-bank financial institutions (NBFIs) including payment service providers (PSPs) are increasingly using blockchain analytics, AI models, and API-driven systems to detect suspicious activity. These technologies are rapidly improving. Blockchain analytics have aided in the recovery of billions in illicit crypto-asset transactions. AI is increasingly enhancing threat detection, reducing false positives, strengthening risk-based compliance, and improving resource efficiency.
• A “same activity, same risk, same regulatory outcome” approach is necessary for consistent regulatory treatment across products and institutions, even if achieved through different methods. To prevent regulatory arbitrage and protect financial integrity, policymakers should clearly define intended outcomes. Specifically, the appropriate frameworks should be applied to all inherently financial activities, whether at the product, application, or platform level.
• Guidance. A principles-based regulatory approach can enhance regulatory outcomes. Non-binding guidance on best practices for API and AI deployment and standardized cross-border data sharing protocols could foster innovation while promoting continual international collaboration. Coordinated digital identity standards and trust frameworks would strengthen verification, while technology-neutral regulations focused on outcomes, rather than prescribed methods, would enable flexible and compliant solutions. Providing clarity that entities deploying illicit-finance-detecting technologies do not run afoul of data protection laws and cross-border data sharing rules could be helpful.