AML Beyond the Edge: How Hong Kong is Redefining Stablecoin Monitoring

Solidus Labs
August 28, 2025

As digital assets continue to gain mainstream traction, regulators are grappling with how to harness the benefits of blockchain while mitigating associated risks. Hong Kong’s new stablecoin regime, spearheaded by the Hong Kong Monetary Authority (HKMA), represents a pivotal moment, not just for the region, but for the global regulatory landscape. 

In this article, we will focus on the “Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Stablecoin Issuers)” issued by the HKMA, especially on the requirements for issuers to monitor and mitigate financial crime risks not only at issuance and redemption but also during the full life cycle of the stablecoins. This has been a highly debated topic across the world, with different approaches being taken depending on the jurisdiction. We will show that the HKMA's approach here is, again, forward-thinking and innovative: it gives stablecoin issuers the opportunity to demonstrate that technology-driven risk mitigation can be just as effective as, if not more effective than, identity verification for every transaction. This signals a clear invitation: innovators, show us what’s possible.

At Solidus Labs, we believe these developments open the door for innovative solutions that protect financial integrity without compromising the core benefits of open, permissionless networks. This post outlines how. 

Do Stablecoin Issuers Need Full KYC for AML Compliance?

HKMA’s Lifecycle Approach to Compliance

The short answer is: not necessarily.

According to the HKMA, identity verification is not required if a licensee can demonstrate that its risk mitigation measures are effective in preventing and combating money laundering, terrorist financing (ML/TF), and other crimes, especially in relation to peer-to-peer transfers between unhosted wallets.

This nuanced approach gives future licensees the flexibility to prove that technological solutions can achieve regulatory goals, without undermining the benefits of open, permissionless networks. That’s a crucial development. It allows the industry to leverage innovation to meet compliance requirements while preserving the transparency, efficiency, and inclusivity that decentralized finance offers.

Key Mitigation Measures Allowed by HKMA

HKMA has clarified that effective mitigation measures include:

  • (a) deploying technological tools to screen transactions and wallet addresses beyond the primary distribution venue on an ongoing basis;
  • (b) blacklisting wallet addresses linked to sanctioned or illicit actors;
  • (c) freezing stablecoins promptly upon request from regulators or law enforcement.

This is where advanced ecosystem-level monitoring solutions, like those offered by Solidus Labs, are essential.

Identity Verification Limits in Stablecoin Compliance

Is it even possible to identify every holder? Probably not, and trying to do so comes with significant tradeoffs.

In permissioned networks, or networks using smart contracts with built-in transfer eligibility checks, issuers can restrict transfers to wallets that meet pre-defined criteria (e.g., KYC, AML, sanctions screening). This allows issuers to maintain a ledger of “known” holders.

However, this approach comes at a cost. Permissioned systems reduce the transparency, resilience, and interoperability that make public blockchains such powerful tools. As Samara Cohen, CIO of BlackRock, put it:

“A few years ago, we thought private permissioned blockchains would lead. We now realize public blockchains are better for the ecosystem.”

Her view echoes a growing consensus: permissionless infrastructure offers the most transformative potential for finance.

Is Identity Enough for Fighting Financial Crime in Crypto?

Pattern Detection vs. Identity Verification

The blockchain’s public nature already enables traceability of transactions, something not possible in traditional finance. HKMA itself emphasizes that this traceability supports the identification of illicit activities and the actors involved.

With tools like real-time behavioral and pattern analytics, issuers can detect risk based on patterns, not just identities: identifying suspicious wallet clusters, flagging interaction with high-risk services, or detecting abnormal transaction patterns, all without needing to verify every single user upfront. This enables growth for issuers without the significant costs and privacy risks associated with burdensome PII-gathering, while enabling full compliance and fulfilling the goal of the regulation, e.g. supporting the fight against financial crime.

This is especially important because traditional finance, with full KYC, still fails to effectively combat financial crime. According to the FATF, the leading global anti-money laundering authority, only 1% of illicit funds are seized in traditional financial markets. These systems prioritize gateways and access controls but struggle with visibility once funds are in circulation.

Blockchain Transparency as a Compliance Tool

In contrast, blockchain provides global transparency, offering a unique opportunity to monitor for risk more effectively and less intrusively using modern, purpose-built technologies like Solidus Labs' Ecosystem Monitoring.

The goal, ultimately, is not to collect identities, it’s to stop financial crime. And that requires tools that are as dynamic and transparent as the assets themselves.

AML Challenges in Monitoring Stablecoins Across Chains

Digital assets like stablecoins introduce a unique set of challenges for risk and compliance monitoring. Yet, the industry has made remarkable progress in addressing these, in many cases achieving oversight capabilities that match or even exceed those in traditional finance. At Solidus, we’re proud to support a growing number of organizations in setting new standards and delivering robust monitoring solutions.

Cross On-/Off-Chain Visibility Gaps

While Hong Kong’s regulatory approach is an encouraging step forward, translating that vision into effective oversight requires addressing both technical and structural barriers. Chief among these is what we at Solidus refer to as the “cross on- and off-chain challenge.” While stablecoins are issued on-chain, over 80% of their activity occurs off-chain, within centralized platforms where transparency is limited. This disconnect hampers visibility, but not irreversibly.

With ecosystem monitoring tools, stablecoin issuers can gain meaningful insights into risk exposure across these opaque venues. Moreover, they can embed compliance directly into their smart contracts, enforcing rules such as prohibiting transfers to sanctioned entities or individuals, effectively turning compliance into code.

Multi-Chain Fragmentation Risks

Another key challenge stems from the multi-chain nature of many stablecoins. Assets often exist across multiple blockchains, either natively or via bridges, each with distinct compliance and monitoring implications. Without stringent controls or smart contract-level restrictions, cross-chain activity can fragment audit trails and obscure risks.

Despite these complexities, solutions are readily available. Leveraging the transparency of public blockchains, advanced analytics tools provide stablecoin issuers with comprehensive visibility into their ecosystems, in ways that are often more granular and effective than traditional financial monitoring.

Real-Time Stablecoin Monitoring Is Now a Compliance Reality

The HKMA has rightly highlighted the need for continuous monitoring of stablecoins, particularly in the secondary market, an area historically difficult to oversee. Solidus Labs’ Ecosystem Monitoring is already empowering leading regulated stablecoin issuers to meet this challenge head-on.

How Ecosystem Monitoring Enables Lifecycle AML Compliance

Solidus Labs' Ecosystem Monitoring is a purpose-built solution that equips stablecoin issuers with full AML/CFT oversight and risk visibility across their operational ecosystem. It enables issuers to conduct comprehensive risk assessments by identifying and continuously monitoring key actors, including custodians, exchanges (centralized and decentralized), liquidity providers, and on/off-ramp services.

Our solution processes millions of transactions in real time, mapping and scoring activity using our proprietary intelligence engine. It detects exposure to sanctioned or high-risk actors, identifies anomalous trading behaviors (such as MEV-based strategies), and flags use of obfuscation tools like mixers or privacy layers. Issuers can define risk thresholds, trigger alerts, and initiate real-time response protocols, including blocking addresses or freezing funds, when unacceptable behavior is detected.

By extending visibility beyond isolated wallet activity and into ecosystem-wide patterns, Ecosystem Monitoring provides the context necessary to respond to systemic risks, not just isolated incidents.

In particular, when it comes to unhosted wallets, our solution offers deep insights into wallet clustering, behavioral patterns, and the share of stablecoin activity that interacts with potentially risky unhosted entities. This enables issuers to distinguish between legitimate users and networks of concern — a key expectation of the HKMA’s regulatory framework (specifically, paragraphs 5.5 to 5.11 of the Guideline).

Ultimately, Ecosystem Monitoring allows stablecoin issuers to demonstrate ongoing, effective risk controls, maintain comprehensive audit trails, and meet evolving regulatory expectations with confidence.

Global Stablecoin Regulations Compared: From KYC to Ecosystem Monitoring

Hong Kong is emerging as a regulatory pioneer in the realm of stablecoins, striking a pragmatic balance between identity-based compliance and ecosystem-wide risk monitoring. Compared to other jurisdictions, its approach is both more flexible than identity-heavy models like Switzerland and more forward-looking than the EU’s reporting-focused framework. Crucially, Hong Kong is among the first to officially recognize the need for continuous oversight of stablecoin activity across the entire ecosystem, not just at the point of issuance.

In contrast, most jurisdictions currently emphasize identity verification during issuance and redemption, often leaving secondary market activity under-addressed. Below is a comparison of key jurisdictions:

🇨🇭 Switzerland: Full Holder Identification Mandated

Switzerland, via FINMA’s Guidance 06/2024, has implemented one of the strictest regimes. Stablecoin issuers must verify the identity of all holders at all times, either directly or through regulated intermediaries. The framework explicitly prohibits anonymous transfers and requires technological and contractual controls to enforce transfer restrictions and traceability.

🇪🇺 European Union: Quarterly Reporting & Ecosystem Awareness

The Markets in Crypto-Assets Regulation (MiCA) requires CASPs (Crypto Asset Service Providers) to report a range of data, including names and countries of stablecoin holders, to issuers on a quarterly basis, as per the EBA’s supervisory guidelines under Regulation (EU) 2023/1114. However, entities that fall outside the CASP definition (e.g., certain DEXs, unhosted wallets, or other fully decentralized entities) remain unaccounted for, leaving compliance gaps.

Still, MiCA is inching toward more holistic oversight. Indeed, Recital 60 references the importance of “comprehensive monitoring of the entire ecosystem,” especially for Asset-Referenced Tokens (ARTs), signaling that post-issuance monitoring is gaining traction.

🇺🇸 United States: Evolving Standards and Enforcement

U.S. regulation is still in flux. The recently passed GENIUS Act lays groundwork for stablecoin issuance by both banks and non-bank entities, with Bank Secrecy Act (BSA) obligations applying primarily to initial purchasers.

The White House’s latest digital asset report, spanning 20 pages on illicit finance, calls for modernization of the BSA to address DeFi and blockchain-native activity, including evaluation of whether new categories of DeFi services should be covered. In a similar vein, SEC Commissioner Hester Peirce, who leads the agency’s efforts to introduce rules for digital assets, recently questioned the effectiveness of the BSA, and whether blockchain transparency can serve as an alternative. In her “peanut butter and watermelon” speech on August 4, 2025, Peirce argued that the BSA has morphed into a blunt surveillance tool—forcing financial firms to flood regulators with millions of low-value reports—while resting on outdated legal doctrines that strip individuals of financial privacy, and therefore needs to be re-evaluated. She also pointed out that decentralized technologies, cryptography, and privacy-preserving tools offer ways to provide financial services without the “sledgehammer” of BSA mass surveillance.

At the U.S. state level, regulatory enforcement is already tightening. In August 2025, the NYDFS fined Paxos over BUSD compliance failures, citing insufficient KYC, lack of red flag escalation, and inadequate monitoring of Binance-linked activity.

🇦🇪 UAE: Multi-Tiered, Monitoring-Oriented Approach

The UAE offers three regulatory paths for stablecoins depending on the backing currency and jurisdiction:

  • Central Bank for dirham-backed tokens

  • VARA (Dubai) for foreign currency-backed assets

  • ADGM (Abu Dhabi) for foreign currency-backed issuance

Each regulatory regime imposes its own reporting and oversight requirements, with VARA’s framework being the most comprehensive. However, none of the UAE regulators currently require issuers to identify stablecoin holders on the secondary markets. They do, however, mandate monitoring of wallets and transactions, reinforcing an operational focus on traceability rather than identity.

The Future of AML and Compliance for Stablecoins

Hong Kong’s stablecoin regulatory framework marks a turning point for how we think about financial integrity in the digital age. By moving beyond the outdated paradigm of identity-based compliance, and embracing ecosystem-wide monitoring, behavioral analysis, and technological innovation, the HKMA has laid the groundwork for a more effective, adaptable, and forward-looking approach to combating financial crime.

Unlike more rigid frameworks that focus solely on know-your-customer (KYC) controls at the point of issuance or redemption, Hong Kong invites stablecoin issuers to prove that advanced tools can offer even stronger safeguards across the full lifecycle of a digital asset. This represents a shift from static compliance to dynamic risk intelligence, one that aligns more closely with the unique nature of public blockchains.

Solidus Labs fully supports this evolution. Our Ecosystem Monitoring solution is designed to meet this new regulatory reality, enabling issuers to identify systemic risk, respond to emerging threats in real time, and uphold compliance without sacrificing decentralization, transparency, or user privacy.

As other jurisdictions grapple with their own policy directions, from Switzerland’s full holder identification mandate to the EU’s quarterly disclosures and the U.S.’s emerging DeFi rules, it is clear that a global shift is underway. One in which compliance is no longer defined by rigid checkpoints, but by continuous, intelligent oversight.

FAQs

  1. What are the HKMA’s new AML guidelines for stablecoin issuers?

The HKMA’s new AML guidelines require stablecoin issuers to implement risk-based monitoring throughout the full lifecycle of a stablecoin, not just at issuance or redemption. Issuers do not need to perform identity checks themselves on the secondary market if they prove their technology effectively mitigates financial crime.

  1. Do stablecoin issuers need to verify every holder’s identity?

Yes, at issuance and redemption; not necessarily on the secondary market. According to the HKMA, identity verification is not mandatory if issuers can demonstrate effective AML/CFT controls, especially for peer-to-peer transfers between unhosted wallets.

  1. What is ecosystem monitoring in crypto compliance?

Ecosystem monitoring is a compliance solution that tracks and analyzes wallet behavior, transaction patterns, and platform activity across an entire blockchain ecosystem to detect financial crime and regulatory risk in real-time.

  1. Why is ecosystem-wide monitoring better than traditional KYC?

Ecosystem monitoring complements KYC by extending oversight beyond access points. While KYC remains essential at issuance and redemption, ecosystem monitoring enables ongoing detection of risk signals across wallets, chains, and platforms, offering dynamic insights that static identity checks cannot provide on their own.

  1. What are the key challenges of monitoring stablecoins?

Stablecoins can freely circulate across permissionless networks in a semi-anonymous way, where wallet addresses, not identities, are visible. They’re often issued and traded on multiple blockchains, including through bridges, creating fragmented trails. Additionally, over 80% of stablecoin activity happens off-chain, in centralized platforms lacking transparency. Together, these factors create the “cross on-/off-chain challenge,” where massive data volumes and structural blind spots make monitoring complex.

  1. How does Solidus Labs help with stablecoin compliance?

Solidus Labs’ Ecosystem Monitoring solution leverages the transparency of public blockchains to help issuers:

  • Identify, map, and continuously monitor ecosystem participants such as custodians, CEXs, DEXs, liquidity pools, and on/off-ramps.
  • Detect exposure to sanctioned actors, mixers, darknet markets, and gambling platforms.
  • Configure thresholds, trigger early-warning alerts, and escalate risk incidents in real time.
  • Pinpoint abnormal behaviors like MEV-based strategies and suspicious trading patterns.
  • Quickly freeze funds or blacklist addresses when required by regulators or law enforcement.

  1. How does Hong Kong’s approach to stablecoin regulation differ from other jurisdictions?

Most jurisdictions, including the EU, require identity checks only at issuance and redemption, with no mandate for ecosystem monitoring. In contrast, Hong Kong’s approach emphasizes continuous, lifecycle-based oversight, setting a higher bar for transparency and risk control without mandating identity collection at every step.
