
Crypto’s Compliance Reckoning: What the 2025 Data Shows


By Ilya Brovin, Chief Growth Officer at Sumsub


The crypto industry spent years arguing about whether regulation was coming. In 2025, that argument ended. The question now is whether platforms are operationally ready for the current environment.


Sumsub’s State of the Crypto Industry 2026 report, drawing on internal verification data and a survey of more than 300 crypto companies, offers one of the most detailed pictures yet of how the industry is adapting. The findings, taken alongside independent data from Chainalysis and the FATF, point to an industry at a genuine inflection point, one where operational discipline is increasingly what separates sustainable platforms from struggling ones.


The verification shift that nobody predicted


Five years ago, onboarding speed was the metric that mattered. Fast verification meant better conversion. Slow verification meant users walking away. That logic has not disappeared, but it is not that black and white anymore.


In 2025, verification accuracy overtook speed as the single most critical onboarding factor, cited by 74% of respondents in Sumsub’s survey, compared to just 39% who prioritised speed. This rebalancing reflects some hard lessons learned in the industry. Several platforms faced regulatory remediation programs after false negatives and weak identity assurance were identified as enablers of money laundering and sanctions evasion.


At the same time, global average verification time continued to fall, from 22 seconds in 2024 to 19 seconds in 2025, a 14% year-on-year improvement. The most dramatic gains came in the US and Canada, which dropped from 26 seconds to 16 seconds. The industry is getting faster and more accurate at the same time, which a few years ago would have seemed unlikely.


Fraud has changed character


The global fraud rate in Sumsub’s data stabilised at 2.2% in 2025, unchanged from 2024 but significantly higher than the 1.5% recorded in 2023. That plateau tells a specific story: defences have started to catch up, but the threat environment has shifted permanently upward.


Independent data from Chainalysis reinforces how serious the shift has been. The firm estimates that $17 billion was stolen through crypto scams and fraud in 2025, with AI-enabled scams proving 4.5 times more profitable than traditional methods. Impersonation scams grew 1,400% year-on-year as criminals began using AI deepfakes and automated conversation tools to run attacks at scale (Chainalysis, 2026 Crypto Crime Report).


Attacks have become systemic and automated, combining social engineering, synthetic identities, and mule networks to bypass controls at multiple points in the verification process. More than half of respondents in Sumsub’s survey identified AI-powered fraud detection as their top prevention priority for 2026: a recognition that static rule sets cannot keep pace with attacks that are themselves increasingly automated.


Regional patterns reveal where pressure is building. Asia-Pacific saw fraud rates spike 65% year-on-year in Sumsub’s data, from 2.0% to 3.3%, as fraudsters exploited gaps created by rapid product launches. The Middle East climbed from 2.5% to 2.8% as new licensing regimes created temporary blind spots. US and Canada improved sharply, dropping from 2.6% to 1.6%, suggesting that sustained investment in detection and automation is paying off.


The Travel Rule gap


Travel Rule compliance has moved from a policy discussion to an operational procedure. According to the FATF’s 2025 survey, 73% of member jurisdictions have now passed Travel Rule legislation, up from 65 jurisdictions in 2024 (FATF, Best Practices on Travel Rule Supervision, June 2025). Yet readiness among platforms remains uneven.


In Sumsub’s survey, data security concerns were cited by 62% of respondents as their primary implementation challenge, followed by cost at 52% and regulatory fragmentation at 50%. The fragmentation point deserves attention: while the EU’s Transfer of Funds Regulation now applies a zero threshold to every crypto transfer, the US applies a $3,000 threshold and individual jurisdictions continue to diverge on both requirements and enforcement (FATF, Best Practices on Travel Rule Supervision, June 2025). For platforms operating across borders, this patchwork creates a compliance burden that scales poorly.


The operational picture is further complicated by the distribution of transactions. Cross-border transfers represent only 30% of crypto transactions by count, but 55% by volume, meaning a relatively small share of transactions drives a disproportionate share of compliance workload. Each cross-border transfer may require counterparty discovery, jurisdiction-specific logic, and auditable records. Platforms that have not embedded Travel Rule compliance into their core transaction infrastructure are finding the costs mount quickly.


Institutional gravity


Perhaps the most structurally significant finding in the 2025 data concerns who is actually moving value in crypto. In 2024, individuals accounted for 96% of total transaction volume in Sumsub’s data. By 2025, that share had dropped to 56%, with companies responsible for 44%. Crypto infrastructure is being absorbed into mainstream financial operations, and the transaction profile is changing accordingly.


Stablecoins are central to that shift. Their share of transactions rose from 31% in 2024 to 36% in 2025 in Sumsub’s data, used increasingly for cross-border payments, treasury settlements, and liquidity management. Chainalysis found that stablecoins accounted for 84% of all illicit transaction volume in 2025 as well (Chainalysis, 2026 Crypto Crime Report), reflecting how the same properties that make stablecoins attractive for legitimate finance also make them useful for moving illicit funds across borders.


As stablecoins become embedded in day-to-day financial operations, they bring more complex compliance obligations with them: higher-value transfers that consistently breach Travel Rule thresholds and counterparty data requirements that demand robust infrastructure.


The lesson from 2025


The most striking finding in Sumsub’s report may be the retrospective one. When asked what they would change if they could go back five years, 72% of respondents said they would strengthen internal processes first. The early shortcuts taken in the name of growth have become long-term risk exposure and remediation burden.


The platforms building for 2026 are the ones that have stopped treating verification, fraud detection, and compliance as separate functions to be optimised in isolation. When those systems are fragmented, gaps appear, and regulators and fraudsters tend to find them at around the same time. Building them properly from the start turns out to be cheaper than fixing them under pressure.

 
 