The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

This blog is a collaboration between Neal Dawson, Edward Marsh and Anthony Ajibade at KPMG.

Particularly in an environment where the financial services sector remains vigilant against economic crime threats such as fraud, sanctions, and money laundering. HM Treasury’s national risk assessment, released in July 2025, identifies crypto assets as a growing concern for money laundering, while the European Banking Authority’s (EBA) recent report explores how supervision can help prevent financial crime.

These risks are no longer confined to crypto-native firms. With increasing public adoption of crypto (the FCA estimates that around 7 million UK adults own cryptoassets), traditional banks must now consider associated indirect risks. Further, many crypto asset service providers are now using stablecoins for cross-border transfers, increasing interaction with traditional financial institutions.

As regulatory scrutiny of crypto activity in the UK intensifies, and more firms register with the FCA to offer digital asset services, banks must assess and manage financial crime risks from digital assets, which may fall outside their traditional exposure.

What are the risks?

Historically, banks have been cautious in engaging with cryptocurrencies. The cross-border and often anonymous nature of crypto heightens financial crime risk. Combined with inconsistent global accountability for crypto asset service providers, banks face increased compliance and reputational risks.

Despite growing regulatory oversight, gaps remain. For instance, FCA registration may suggest strong financial crime controls, but this can be undermined if parts of a provider’s group operate in less stringent jurisdictions. As noted in OFSI’s Crypto-Asset Threat Assessment, the nature of digital assets, even if only indirectly linked, increases the danger of association with rogue actors involved in illicit activities, such as sanctions contravention.

As the sector grows and risks evolve, banks must proportionately identify and align their controls to mitigate these risks, regardless of their appetite for crypto exposure.

What steps can be taken

So how can banks satisfy themselves that crypto-related risks are appropriately mitigated? A few practical steps can help:

1. Governance and risk awareness – Banks should monitor the current and emerging regulatory and risk landscape to understand threats posed by different players in the crypto sector, assess exposure, and determine which activities align with their risk appetite. An enterprise-wide risk assessment should identify where residual financial crime risk remains acceptable and define the controls needed to manage it, as well as those required to exclude players posing higher risks.
2. Risk-based due diligence – Once crypto-related financial crime risks are understood, a risk-based due diligence approach is essential. Some crypto-exposed parties pose greater risks than others (e.g., a crypto exchange versus a firm issuing stablecoins for payments). Treating all such parties uniformly can lead to excessive or insufficient due diligence.
3. Ongoing monitoring of crypto asset risks and regulatory changes – For onboarded entities that fall within the bank’s risk appetite, ongoing monitoring is essential to detect changes in risk and apply appropriate due diligence. This should reflect EBA recommendations, emphasising collaboration and information sharing with regulators and other financial institutions to exchange insights and best practices.
4. Leverage blockchain analytics and technology – A key differentiating control for assessing crypto-related risk is blockchain analytics. This technology helps banks trace the source of funds or wealth and monitor transactions for indirect exposure to financial crime. Used with technologies like AI, these tools can effectively identify risks posed through the blockchain.
5. Consult the experts – Given the new risks presented by cryptocurrency, careful consideration of appropriate mitigations is essential. Where necessary, banks should work with experts to integrate these into a risk-based due diligence framework that includes on-chain analytics.

The balancing act ahead

As cryptocurrency becomes more prevalent in financial services, banks will face heightened financial crime risks, even if the sector lies outside their risk appetite.

Readiness is therefore not just about compliance; it is a strategic advantage. Banks with agile, risk-based processes, especially in assessing counterparties and conducting due diligence, will be better placed to adapt to evolving market conditions and regulatory expectations, reducing compliance costs later down the line.