Skip to content
Home » Insights » Crypto and Banking: Integrated Integrity Compliance

Crypto and Banking: Integrated Integrity Compliance

In 2024, the Dutch Banking Association called out “Fragmentation of the Payment Landscape”1 as a key risk for its member banks. At the time, the writers were mainly concerned with risks around intermediary fintech firms such as payment service providers or money service businesses2. Two years later, the real wildcard of fragmentation turns out to be the rise of the cryptocurrency industry and associated technologies, driven in no small part by the United States’ regulatory 180-degree turn on the subject3, and the European Union’s push for autonomy in financial transactions.

Various European initiatives are on the cards. For instance, with a consortium of European banks launching a stablecoin to facilitate interbank payments without the need for SEPA or SWIFT messaging.4 Indeed, the EU’s own digital Euro is even making progress, targeting a 2029 launch. Across the board, transaction volumes for all stablecoins continue to grow annually by double digits, and are presenting an alternative to traditional cross-border payment systems. And even if a Financial Institution (FI) is resisting adopting crypto technologies by themselves, the SWIFT network will force them to eventually with their own blockchain ambition, or Visa will with their adoption of Circle’s USDC for card settlements.

Paired with this comes a new category of risk: integration risk. A recent case of sanctions evasion to procure 100mln US$ worth of Iranian oil using cryptocurrencies shows what firms who do not have a good grasp of the integrity risks (i.e. money laundering, sanctions evasion, etc.) may be exposing themselves to. Such risks may emerge from shadow banking networks spanning multiple jurisdictions, where front companies and cryptocurrency use obscure beneficial ownership, enabling sanctions evasion through cross-border transaction webs. Such multifaceted scenarios are typically where traditional integrity risk monitoring falls short.

Adding to the challenge, regulators are doing their best to provide clarity5 for cryptocurrency integration with traditional finance. This paradoxically results in an absolute abbreviation salad of regulations, best practices, and new governmental bodies. As it stands, if you’re an EU FI issuing a stablecoin, that means it’s beholden to (at least) MiCAR6, AMLR, AMLD6, GDPR7, and DORA8. This means at least 6 regulatory institutions would like to have coffee with you on the subject, having potentially clashing expectations:9

Pictured: the chef’s special regulatory abbreviation salad presented to an FI issuing a stablecoin. Conflicts here are non-exhaustive

This article goes into the challenge of controlling integrity risks when integrating the cryptocurrency transaction rail in traditional FIs, or when Crypto-Asset Service Providers (CASPs) become integrated with traditional FIs services. To help with these challenges, it outlines how network analytics can help institutions navigate the resulting complexity without stifling innovation. To top it off, we illustrate through examples how an integrated FI may actually be better positioned to deal with the integrity risk challenges of cryptocurrency integration with traditional finance than a firm deliberately choosing to abstain from integration altogether to avoid compliance risk exposure.

Note: this article assumes familiarity with cryptocurrency concepts and their AML challenges. This article by the AML Center (part of the Dutch public prosecution branch) covers the basics quite well.

Beyond Fragmentation: The New Compliance Landscape

For traditional FIs (including Payment Service Providers and other Fintech firms) what once appeared as an obscure parallel payment ecosystem highlighted as a key risk in nearly every FI’s integrity risk analysis10, has evolved into a credible alternative for cross-border transactions. Stablecoin adoption continues to grow, and provides an understandable low-risk11 transaction alternative to global consumers.

Meanwhile, CASPs (e.g. exchanges, custodians, wallet providers, stablecoin issuers, etc.), already increasingly in the regulatory crosshairs, find themselves scrutinized with regulatory oversight and enforcement (well, at least in the EU). Rather than just increasing fragmentation of integrity risks, cryptocurrency integration with traditional finance introduces four trends:

Stablecoins and other digital assets add new features to known AML risk typologies. Traditional transaction monitoring systems are poorly equipped to detect patterns like mixing or cross-chain hopping, meaning FIs will need to build analytical capabilities to interpret crypto’s unique transaction patterns. CASPs on the other hand will get to deal with traditional AML challenges like (legally unrestricted12) customer cash use, and intermediary FI risks.

Also, let’s not forget the operational AML or KYC analyst, now having to browse through and understand a bunch of different transactions types to make sense of a customer’s behaviour. The ensuing incendiary TV programs are already writing themselves.

Traditional FIs innovating in crypto face the EU’s MiCAR regulation on top of the already applicable AMLR, AMLD6, GDPR, and DORA. A big challenge lies in interpreting these regulations in a complementary manner in all their contradictory requirements, since AMLR/AMLD6 emphasize transparency, GDPR mandates data use minimization, MiCAR establishes new forms of securities oversight, and DORA prioritizes technical resilience. This harmonization works both ways, as CASPs will take on new regulatory burdens when integrating with traditional FIs featuring customer types they haven’t seen before.

To innovate in the crypto space, traditional FIs will need CASP partners who can meet regulatory expectations at their scale13. That includes proven robust governance structures, business continuity frameworks aligned with DORA, and AML processes effective in both design and operations.

The competitive advantage many CASPs employed for early growth (speed and anonymity) may threaten access to traditional FI partners. Without changing their operating model and running risk remediation exercises, they may be sidelined in favour of more regulated intermediaries (case in point: Binance’s lack of MICA license)

As traditional FIs experiment with crypto adoption they recreate the very fragmentation they sought to avoid, albeit internally14. Each new transaction chain introduces its own structure, data lineage, and AML requirements. Traditional AML engines are calibrated for SEPA and SWIFT, and struggle to ingest blockchain transaction metadata and on-chain activities15.

In summary, the integration of crypto and traditional finance creates a new compliance environment where AML risks escalate, multiple regulators impose competing requirements as if coordinating via telegraph poles, partnership viability depends on risk and control maturity, and legacy integrity risk monitoring systems will casually and confidently miss the point.

Why network analytics are essential for analysing integrated transaction rails

Cryptocurrency integration with traditional finance through network analytics

Pictured: a network view of integrated cryptocurrency transaction rails with traditional financial flows

Addressing the integrity risk challenges posed by cryptocurrency integration with traditional finance requires more than bolting-on another layer to legacy transaction- and customer monitoring tools already plagued with inefficiencies16 and challenges. No executive is looking for the false-positive (and negative) bonanza repeat which firms are dragging themselves out of. Hence, this will demand a mayor shift in how financial institutions model transactional behaviour and detect risk anomalies.

Network analytics provides a such a fundamentally different model. Rather than analysing transactions in isolation, network-based models allow for the mapping of relationships across different transaction methods, be they traditional or crypto-based as long as their are connections in the network. Benefits of this approach include:

  • Improved risk typology identification: A network perspective aligns far more closely with how illicit actors operate: moving values through webs of intermediaries rather than direct sender-to-receiver transfers.
  • Better operational interpretation: Network graphs provide intuitive visualizations of behaviour and risks. A network visual gives an operational AML/KYC investigator insight into behaviour across transaction rails (crypto, traditional, or otherwise) without having to switch between data systems.
  • More efficient risk signals: Empirical experience shows that network-based AML detection models consistently outperform traditional methods, reducing false-positives while uncovering patterns which traditional engines miss. Sophisticated techniques can be employed to identify highly relevant risk factors in giant datasets using causal and time-based analyses not available to traditional monitoring systems.17
  • Focusing on the signal, without the noise: Network analytics also enhance key AML processes by providing the ability to analyse clusters of transactions and customers, rather than individual occurrences.  

Crucially, these models help bridge regulatory contradictions in cryptocurrency integration with traditional finance. For instance, network structure often reveals risk signals without requiring extensive personal data. This will help in supporting GDPR compliant implementations of AMLR requirements, and is in line with the increasing risk-based approach prescribed by regulators and think-tanks. Thus, for both FIs and CASPs, network analytics helps institutions meet potentially conflicting regulatory expectations while providing improved insights compared to traditional models.18

An implementation barrier?
At this point in the article, I myself as a technology department manager would have concluded ‘ah, this whole thing is about buying software: no thanks!’. It is not (please don’t close the article yet).

Implementing network analytics methods requires a database of information with relationships between the data of some sort. Fortunately, information FIs and CASPs work with when it comes to integrity risk analysis is already highly relational by nature. To illustrate: Customers have certain products at their disposal, and have executed certain transactions. Additionally, transactions link customers and counterparties together. Thus, the foundations for running network analytics on FI data are already in place, making them highly suitable for this type of analysis.

Doing network analytics also does not require a dedicated graph database system or software where data is stored as graphs. It can be executed by transforming relational database datasets to graph structures when needed, and analysed through common analysis tools and programming languages. This is all about the framework and the paradigm, not about the tools.

Network analytics across transaction rails: practical examples

Let’s deep dive further with an example case. A not-so-legal organization exploits the gaps between traditional and crypto transaction rails. They recruit money mules who each open bank accounts and crypto exchange accounts. Each mule makes small transfers from their traditional bank account to purchase stablecoins, staying below typical reporting thresholds. The stablecoins are then consolidated and cashed out through a single crypto-to-fiat19 gateway in a jurisdiction with weaker AML oversight.

Each institution sees only its own customer making occasional, small crypto purchases and traditional financial transactions. No single institution sees the full picture because the information to tie the scheme together is fragmented across cryptocurrency and traditional transaction rails. In an integrated FI, or any institution using full-stack network analytics, this behaviour is instantly recognizable, and appears clearly in a graph-based representation:

Cryptocurrency integration with traditional finance through network analytics. Integrity risks explained

Pictured: an example network view of integrated cryptocurrency transaction rails with traditional financial flows where a clear AML risk pattern is only visible through multi-rail risk analysis

Examples such as the one above on the value of integrated network analysis are not just hypothetical. Consider TD Bank’s 2025 record US$3 billion money laundering prosecution settlement with the US Department of Justice. What makes the case particularly relevant is the link between cryptocurrency and traditional banking in the offending examples highlighted by US FinCEN.

At TD bank, regulators scrutinized wire transactions between cryptocurrency-related TD bank customers. Strikingly, prosecutors cite TD bank’s failure to understand the “purpose, ultimate originators, and source of funds” of a third-party cryptocurrency exchange (i.e. the customers of a customer)20. TD bank, operating solely on traditional banking transaction rails, lacked visibility into the underlying cryptocurrency transactions (and wallets), even if compliance had functioned properly and identified the source-of-funds risks. It was subsequently fined for generally materially gapped KYC processes.

Integration as the next step to AML risk compliance

If there is one key take-away from this article, it is this: whether a traditional financial institution wishes to integrate with cryptocurrency transaction rails is irrelevant. Market and regulatory forces will ensure that each financial firm will integrate21, be it through harmonization of laws or underlying monetary technological shifts (e.g. ECB, SWIFT, VISA stablecoin adoption22).

Through our examples we see that this integration is both a risk and opportunity. The risk patterns may change, but so will the potential to monitor, detect, and prevent them when using fitting technological possibilities. Network analytics provides a credible basis for navigating this newly integrated landscape as it aligns with regulatory expectations, enhances integrity risk defences, and supports innovation rather than inhibiting it.

So how does one go about implementing network analytics into an already existing integrity risk management framework? The answer is through a tailored approach leveraging existing processes and technologies, and crucially the human capabilities underpinning both.

Feel like discussing the implications of integrating cryptocurrency and traditional finance, and your next steps with network analytics?

Let’s have coffee

Footnotes

  1. Which the NVB further contextualized as: “The fragmentation of the payment landscape, driven by the introduction of new payment methods in combination with the existing financial institutions, represents a growing threat to the integrity of financial systems“, on p24 of their documentation ↩︎
  2. Inferred from the observation that Cryptocurrencies and virtual assets are highlighted in 4 other key financial crime threats, whereas the wording on this particular phenomenon strongly suggests other types of financial institutions relate to the risk described ↩︎
  3. While this US pivot is relevant as a trigger to the phenomena described here, this article further focuses on the EU regulatory landscape. Considering the (end of 2025/beginning of 2026) highly uncertain and unpredictable US regulatory context, the EU can be deemed the de-facto benchmark setter in this space. ↩︎
  4. A stablecoin is a digital token which derives its value from being linked to an underlying asset. Typically, these assets are fiat currencies, which are not backed by anything other than the full faith in a national government. Ironically, stablecoins are thus the antithesis to Satoshi’s original vision for Bitcoin, whom posed that value should be derived from work or physical assets which resulted in Bitcoin’s unique proof-of-work methodology. ↩︎
  5. The EU’s (commission) initiative on a Digital Omnibus is a good example of a good-intended initiative aimed to provide clarity and rule harmonization, but is likely to face strong headwinds from privacy advocates and sceptics of digital markets. ↩︎
  6. The EU’s law to regulate cryptocurrencies and related services. More information available from the Dutch Financial Markets regulator here ↩︎
  7. The ‘General Data Protection Regulation’. A strict interpretation thereof can be found from the Dutch National Data Privacy watchdog here ↩︎
  8. To quote the Dutch Financial Markets regulator: “DORA is a European regulation that aims to ensure that financial organisations improve the controls of their IT risks and thus become more resilient against cyber threats↩︎
  9. By our estimate, these regulators include: ECB, National Central Bank, AMLA (if selected by AMLA), National Financial Market regulator, ESMA, and National data privacy regulatory bodies ↩︎
  10. A guidance for which can be found from the Dutch National Bank: https://www.dnb.nl/media/pfmbzrah/guidance-integrity-risk-analysis-english-version.pdf ↩︎
  11. At least compared relatively to the risk perception for other forms of cryptocurrency ↩︎
  12. Such as with the NL “Convenant Contant Geld↩︎
  13. For instance, the scale of Santander bank, one of the founders of the stablecoin initiative highlighted in the introduction, features roughly 200 million customers. ↩︎
  14. See footnote 1 ↩︎
  15. Including facets like: interpreting smart-contract activity, clustered wallet behaviours, or (L2) off-chain settlement incorporation ↩︎
  16. The Bank of International Settlements (BIS) found that the average Transaction Monitoring system is able to produce an actual risk signal 5-10% of the time, leading to large amounts of false-positive workloads across the financial industry ↩︎
  17. See the 2025 fundamental research of Tariq & Hassani for more information on the subject, here ↩︎
  18. Are there no drawbacks and limitations? Off course there are. The biggest inhibitor to deploying network analytics in our view, is that it’s success hinges on the degree to which you can connect things together. Case in point: using personally identifiable information is technically ideal to construct a network but will be challenged through GDPR, while other information faces less regulatory scrutiny (timing-, sizing-, and velocity of transactions) but is a worse connector. ↩︎
  19. Fiat meaning, in this case, traditional financial currencies such as Euro’s, Great British Pounds, US Dollars, etc. ↩︎
  20. See discussion of Customer Group C in the settlement documentation from p59 here: FinCEN TD Bank Settlement ↩︎
  21. Of course, it’s worth acknowledging that today’s push toward crypto integration may well reflect a high-water mark in the current digital-asset cycle. Financial markets phenomena have a way of reshaping even the most confident strategic roadmaps (looking at you, AI spending bonanza). Indeed, we’ll find out together what the impact is of the halving in cryptocurrency market capitalization during the four months it took to publish this article. ↩︎
  22. See introduction paragraph for details ↩︎