
Wolfsberg’s Stablecoin Guidance: What Banks Expect and Issuers Must Prove


Wolfsberg Group: The Birth of a Banking Standard-Setter
The Wolfsberg Group was founded in 2000, when 12 of the world’s largest global banks gathered at the Wolfsberg Castle in Switzerland to address growing concerns around financial crime.
The late 1990s saw mounting pressure on the banking sector: money laundering linked to drug trafficking, corruption, and organized crime had reached the top of political agendas. Financial institutions faced both reputational risks and tightening regulation, particularly following the 1988 Vienna Convention, the 1989 establishment of the Financial Action Task Force (FATF), and the early anti-money laundering (AML) directives in the EU.
The Wolfsberg gathering was essentially the banking sector’s attempt at self-regulation: a recognition that “tone from the top” and global standards were needed to maintain integrity and credibility. From that meeting came the Wolfsberg Anti-Money Laundering Principles for Private Banking, the Group’s first public statement. It set a baseline for client due diligence, beneficial ownership transparency, and risk-based approaches — all concepts that have since become mainstream in global AML frameworks.
Now expanded to 13 global banks, the Wolfsberg Group functions as an industry association and standard setter. It is not a regulator, but its publications strongly influence regulatory expectations and supervisory practice. In effect, Wolfsberg operates as a bridge between regulators and practitioners, shaping the norms that underpin compliance programs worldwide.
Relevance for Crypto Assets: A Benchmark for Bankability
Over the past five years, the Wolfsberg Group has increasingly acknowledged the role of crypto assets and the firms that service them. This reflects both regulatory momentum and market reality: the entry of global banks into custody, tokenization, and stablecoin settlement.
For crypto service providers, Wolfsberg guidance is increasingly a benchmark for institutional readiness. Global banks will not partner with or provide services to crypto firms that fall short of Wolfsberg-aligned standards.
In practice, this means:
- Crypto firms seeking banking access must align with Wolfsberg’s core expectations.
- The market views Wolfsberg compliance as a proxy for maturity and trustworthiness.
When Banks Meet Stablecoins: Wolfsberg’s New Guidance
On September 8, 2025, the Wolfsberg Group issued its first dedicated guidance on banking stablecoin issuers.
The move comes at a critical moment. Fiat-backed stablecoins are no longer niche instruments; they have become central to digital markets, payments, and settlement. Their promise of price stability, global reach, and rapid settlement has drawn in legitimate businesses and institutions worldwide. But these same features also make them attractive to illicit actors, enabling access to major currencies without traditional payment rails, including in sanctioned jurisdictions.
For banks, the tension is clear: stablecoins represent both an opportunity and a risk. On one hand, they offer new business lines, new partnerships, and alignment with the evolving digital economy. On the other, they introduce unique compliance challenges, from reserve management and redemption flows, to on-chain monitoring, to the handling of wallets tied to high-risk actors.
This new guidance makes explicit what had until now been implicit: if a bank is going to provide accounts, reserves, or settlement services to a stablecoin issuer, it must treat that relationship with the same rigor as any other financial institution - while also accounting for the novel risks of blockchain-based issuance.
The Validator Role: How Banks Assess Issuers
Beyond Onboarding: Prove You Know Your Issuer
For banks, providing services to a stablecoin issuer cannot stop at standard KYC. Wolfsberg makes clear that banks must validate the credibility of the issuer’s entire financial crime risk management framework. That includes AML/CTF, sanctions, anti-bribery and corruption, fraud, and reserve management. It also means reviewing governance structures, staffing and resourcing, and whether the issuer’s senior leadership and board actively oversee risk appetite and approve policies.
Banks must probe the issuer’s reliance on third parties - for example, blockchain analytics vendors or reserve asset managers - and assess whether the issuer has adequate oversight of those arrangements. Vendor claims, whether for sanctions screening or analytics, cannot simply be accepted; they must be tested for quality and effectiveness. Just as important, issuers must show readiness to cooperate with law enforcement, including prompt responsiveness to subpoenas and orders to freeze, burn, or reissue tokens.
Different Accounts, Different Risks
The Wolfsberg guidance emphasizes that not all accounts carry the same risk profile. Reserve accounts, which hold the assets backing stablecoins, must be insulated from misuse and subject to strict audit, attestation, and reconciliation. Operating accounts, which cover payroll and expenses, must remain clearly segregated from client or reserve flows. Settlement accounts - which handle the inflows from minting and the outflows from redemptions - present the highest exposure, as they touch the issuer’s counterparties directly. Banks must apply tailored controls to each account type, ensuring they are used only for their intended purposes, and not blurred together over time.
The On-Chain Monitoring Dilemma
Perhaps the most difficult judgment for banks is how much on-chain monitoring they must do themselves. Wolfsberg’s answer: adopt a risk-based stance. For low-risk issuers minting only to regulated CASPs in well-supervised jurisdictions, traditional fiat monitoring supplemented with occasional on-chain spot checks may suffice. But for higher-risk issuers - for example, those minting to smaller or less transparent intermediaries in high-risk jurisdictions - banks may need deeper visibility. That could mean wallet-level transparency, customised dashboards, or direct comparison of the issuer’s stated risk appetite against observed blockchain activity. In extreme cases, banks may even require full visibility into the wallets of certain clients.
Managing the End-User Shadow
Stablecoins do not stop with the issuer’s direct clients. They flow downstream to end users, whom the bank will never have a direct relationship with. This creates additional opacity and risk: illicit actors can exploit distribution layers, including CASPs and payment service providers, to obscure their activity. Wolfsberg expects issuers to extend their control frameworks beyond first-tier clients, using on-chain analytics and distribution oversight to detect red flags such as chain-hopping, mixer use, or abnormal velocity. For banks, comfort will depend on whether issuers can demonstrate visibility into these downstream risks and take corrective action when misuse is detected.
The Credibility Test: How Issuers Stay Bankable
Evidence Over Assurances
For issuers, Wolfsberg has turned the spotlight squarely on controls and credibility. Banks are no longer willing to accept vague assurances or generic claims about “blockchain transparency.” What they expect now is evidence - hard proof that an issuer can be trusted to manage financial crime risks responsibly.
That begins with a genuine, enterprise-wide risk assessment, one that maps exposures across jurisdictions, client types, and counterparties. It extends into tailored due diligence on CASPs, corporates, and other direct clients, supported by clear risk ratings and periodic reviews.
On-Chain Analytics as Standard
On-chain analytics are no longer optional. Issuers must show that their monitoring covers both direct clients and downstream flows, with controls calibrated to their own risk profile. Reliance on vendor defaults is not enough - issuers must customize thresholds, typologies, and risk rules to match their business model. More advanced issuers may demonstrate pre-transaction controls, allow-listing of wallets, or deny-list screening, further proving proactive risk management.
Managing the Lifecycle: Controls Beyond Issuance
For issuers, credibility is not only about what happens at launch. Wolfsberg and parallel AML/CFT guidance make clear that risk management must extend across the entire lifecycle of a stablecoin. That means controls cannot stop once tokens leave the reserve account. Issuers are expected to maintain visibility into distribution channels, counterparties, and even downstream activity on venues and wallets.
This expectation is not abstract or isolated. It reflects the direction of recent regulation; take Hong Kong’s stablecoin framework, for example. Under the HKMA’s AML/CFT guidance - now in effect for licensed stablecoin issuers - standards apply not only at issuance, but across the entire lifecycle. Wolfsberg’s framing is therefore consistent with the regulatory direction of travel: issuers cannot treat end-user risk as “out of scope.”
Governance & Strategic Choices
Finally, issuers must show that governance is active, not passive. Boards should approve risk appetites, define prohibited client types and jurisdictions, and oversee how compliance integrates with fraud prevention.
Wolfsberg also makes clear that banks will judge issuers not just by their licenses, but by how convincingly they can evidence credibility. An issuer serving only regulated CASPs in low-risk markets will be viewed very differently from one minting to opaque intermediaries in high-risk jurisdictions. This forces strategic choices: which markets to enter, which clients to serve, and what level of compliance investment is necessary to gain - and keep - banking access.
From Blockchain Policing to Credibility Audits
One of the most striking themes in Wolfsberg’s stablecoin guidance is the shift in focus: banks are not expected to become blockchain police. Instead, the responsibility for transaction-level oversight lies primarily with the issuer.
The bank’s role is to assess the issuer’s credibility - its governance, risk appetite, technical controls, and compliance capacity. This means evaluating whether the issuer has a robust program for AML/CTF, sanctions, fraud prevention, and reserve transparency, and whether it applies these consistently across its client base. If the issuer claims to run sophisticated on-chain analytics, the bank does not need to duplicate that work across every transaction. Rather, the bank should verify that the issuer’s framework is fit for purpose, resourced adequately, and aligned with the bank’s own risk appetite.
For issuers, this sets a high but clear bar: prove reliability, don’t outsource it. It is no longer enough to tout “blockchain transparency” as a catch-all solution. Banks will look for tangible evidence - independent audits of reserves, documented monitoring policies, technical capabilities to freeze and reissue tokens, governance sign-off at board level, and a willingness to engage with law enforcement. The onus is on the issuer to show that its program is credible end-to-end, not just marketed as such.
This marks a broader evolution in financial crime compliance for crypto assets. In the early years, the narrative was all about tracing coins on-chain, hop by hop. Wolfsberg reframes the question: not “did you monitor every wallet?” but “can we trust that your institution has the systems, oversight, and risk appetite to manage financial crime risk responsibly?”
How ComPilot Fits In: Helping Issuers Prove Credibility at Scale
At ComPilot, we fully share this vision. Wolfsberg is right: credibility depends on controls, evidence, and risk-based thinking - not vague promises. That’s why we are building a compliance orchestration layer that aggregates best-in-class tools across identity, transaction monitoring, fraud prevention, sanctions screening, and more.
Our platform helps issuers demonstrate credible, risk-based programs with a holistic view of their compliance framework. Importantly, it is not a one-size-fits-all model: ComPilot allows for significant customisation, so issuers can align controls to different scenarios, jurisdictions, and counterparties. This ensures there is a clear thought process behind each control decision - something banks can see, understand, and take comfort in.
In practice, this means banks gain assurance that issuers are not only monitoring risks, but doing so in a structured, transparent, and auditable way. Transparency, traceability, and trust can scale together - with the right tooling, policy support, and orchestration.
