APAC’s Next Compliance Era: What Crypto, AI, and Fraud Trends Mean for 2026

APAC’s regulatory landscape is changing fast. The rapid growth of digital assets, the rise of AI, and increasingly sophisticated fraud schemes are pushing regulators to act more quickly and set higher expectations for businesses. What used to be “good enough” for compliance no longer is.

Across the region, authorities are tightening rules, expanding licensing requirements, and raising the bar for transparency and risk management. This means companies can’t afford to wait for new regulations to arrive—they need anticipatory compliance, building systems now for risks that are just emerging.

At the same time, AI is creating new challenges. Deepfakes, synthetic identities, and AI agents are raising questions that didn’t exist a few years ago—including whether AI agent verification, or KYC for agents, may soon become a real requirement.

All of this makes 2026 a crucial year for compliance teams in crypto, fintech, and payments.

To understand what’s coming next, we’re sitting down with Christopher Liu, Chief Compliance Officer and Head of Regulatory at Matrixport, to discuss the future of AML in APAC—how regulations are evolving, which industries will face the closest scrutiny, how AI is reshaping risk, and what businesses must do to stay compliant.

THE SUMSUBER: How do you see AML/CTF frameworks evolving across APAC as crypto and digital assets continue to grow? What, in your opinion, would be the leading trends, regulatory approaches, and implications for businesses?

CHRISTOPHER LIU: APAC AML/CTF frameworks will continue to move toward greater harmonization, earlier intervention, and stronger accountability. Regulators are increasingly aligning with FATF’s Travel Rule, expanding VASP licensing regimes, and applying banking-grade AML expectations to digital-asset players. Below, I will list the key trends that, in my opinion, will be leading in the coming years.

More jurisdictions will be shifting from periodic reporting to near-real-time monitoring and data sharing, enabling faster detection and response to suspicious activity. At the same time, regulators will be broadening the definition of “digital assets” to include stablecoins, tokenized assets, and emerging DeFi and DEX models, expanding the scope of regulatory oversight. These changes will be accompanied by heightened cross-border cooperation, with APAC regulators working more closely on investigations, wallet tracing, and information exchange across jurisdictions.

For businesses, this will translate into higher compliance costs, more rigorous onboarding and Travel Rule implementation, stricter corporate governance, and a need for continuous monitoring technology. Firms must demonstrate evidence-based risk management, not just policies on paper.

THE SUMSUBER: Couldn’t agree more. Compliance in 2026 is about trust, and firms must show a risk-based approach, continuous monitoring, and robust AML. But will this apply to everyone? Which industries do you expect will face the most regulatory scrutiny in APAC in 2026?

CHRISTOPHER LIU: For sure, industries combining high transaction velocity with complex technology stacks will be most scrutinized.

I would say, regulatory scrutiny will be increasingly focused on crypto and digital-asset service providers—particularly custodians, OTC desks, and cross-border remittance platforms—as well as fintech lenders and BNPL operators amid growing concerns around fraud, consumer protection, and over-indebtedness. High-risk payment intermediaries, such as payment service providers and merchant acquirers serving online gaming, adult content, and e-commerce marketplaces, are also already under closer examination. In addition, regulators are beginning to scrutinize AI-driven platforms, including identity verification providers and AI-agent service layers, with a focus on model accountability and the risks of misuse.

These industries attract heightened regulatory attention because their fast-moving, technologically complex environments also create greater exposure to fraud, financial crime, and misuse risks.

THE SUMSUBER: I’m glad you touched on fraud. Let’s discuss what can be done to combat it in 2026. Will multi-layered, robust fraud prevention become a regulatory expectation in more APAC countries? Do you foresee “failure to prevent”-style obligations emerging?

CHRISTOPHER LIU: Yes. The trajectory is clear. Multi-layered fraud controls are becoming baseline regulatory expectations, with regulators expecting businesses to implement multi-layered fraud controls as a baseline requirement, not as an optional best practice. Several APAC jurisdictions, including Singapore, Australia, and Hong Kong, are already moving toward shared responsibility models where platforms and payment providers must prove they took “reasonable steps” to prevent harm.

While APAC may not adopt UK-style “failure to prevent” laws wholesale, functionally similar regimes will emerge, which I expect will require firms to demonstrate adequate fraud risk assessments, implement proactive detection systems, maintain customer-verification safeguards, and document internal accountability for fraud prevention.

In short, I’m sure that the ability to demonstrate controls will likely become as important as the controls themselves.

THE SUMSUBER: I see. And this is happening against the backdrop of emerging AI technologies. With GenAI, deepfakes, and AI agents advancing rapidly, do you foresee new regulations targeting these technologies? Could verification for AI agents become a requirement?

CHRISTOPHER LIU: New regulations are inevitable. Deepfake-enabled fraud, synthetic identities, and autonomous agents participating in illicit activity are front-of-mind for APAC regulators. 

This likely means stronger expectations around how AI platforms are governed, including clearer oversight of how models are trained, how risks are managed, and how misuse is detected. Regulators are also paying closer attention to transparency, exploring ways to ensure that AI-generated content can be identified and traced back to its source. In parallel, there is growing discussion around whether AI agents that interact with financial systems—by initiating payments, executing trades, or accessing personal data—should be subject to identity verification, and whether service providers should be required to verify the human controller behind those agents.

This trend will mirror how regulators originally approached APIs and bots, not to restrict innovation, but to ensure clear accountability, traceability, and control.

THE SUMSUBER: So, how should online businesses—especially in crypto and fintech—proactively adapt compliance, governance, and risk strategies to stay ahead of APAC regulatory changes?

CHRISTOPHER LIU: Businesses may need to start adopting anticipatory compliance, not reactive compliance. That said, the reality is that many online businesses are start-ups with a short history of less than 10 years. This means that any anticipatory compliance would still need to be ‘bespoke’, customized for the unique risks faced by each crypto and fintech firm while balancing its need to drive commercial growth and market penetration.

On a high level, online businesses will have to strengthen governance early by establishing accountable officers, escalation frameworks, and board-level oversight. Setting a proper culture and promoting accountability at an early stage is critical.

Another key action will be investing in adaptable regtech—modular KYB/KYC, blockchain analytics, fraud prevention, behavioral biometrics, and real-time monitoring. Crypto and fintech firms do not have the legacy system baggage faced by TradFi, and they also start off with a smaller client base. So deploying nimble compliance solutions will definitely help.

A risk-based, cross-jurisdictional compliance framework will also be an important piece of the puzzle, ensuring that expansion into new markets does not require rebuilding controls from scratch.

Last, but not least: document everything—risk assessments, vendor selections, decision rationales—to meet rising expectations for auditability and regulatory transparency, that’s my advice.

A proactive compliance posture is becoming a competitive advantage. Firms that operationalize compliance effectively will secure licenses faster and earn regulators’ trust.

THE SUMSUBER: Let’s turn to the country level. Which APAC jurisdictions are currently setting trends in AML/CTF or fraud prevention that others might follow?

CHRISTOPHER LIU: In my view, several APAC markets are acting as regulatory bellwethers, adopting regulatory guidance from the likes of FATF and IOSCO. 

Singapore is leading in digital-asset regulation, real-time fraud-scam frameworks, Travel Rule enforcement, and AI governance guidelines.

Hong Kong can boast of the rapid development of a comprehensive VASP and stablecoin licensing structure, with strong, robust expectations for transaction monitoring.

Australia is expanding AML coverage to new sectors, pioneering scam-fighting initiatives, and exploring platform liability models.

Japan is a strong early mover on stablecoin rules and stringent exchange requirements.

THE SUMSUBER: Shifting from the national level to the personal: since this is your area of expertise, could you share the most challenging aspect of being a compliance officer in today’s rapidly evolving APAC crypto and fintech landscape?

CHRISTOPHER LIU: To me, the most challenging aspect is navigating an environment where regulatory expectations evolve faster than industry maturity, and where compliance officers face less clarity, higher risk appetite, and greater innovation pressure than in traditional finance.

To me, one of the key challenges is the limited compliance literacy compared to traditional finance. Many crypto and fintech startups lack a deep familiarity with regulatory frameworks, legacy controls, and disciplined risk-management practices. This creates a significant education and alignment gap that compliance officers must bridge on a daily basis.

Another challenge is the elevated business risk appetite common in fintech and digital-asset firms, which tend to prioritize rapid growth over long-established controls. Compliance teams are expected to temper this risk without stifling innovation, often under tight timelines and commercial pressure.

At the same time, regulators across APAC are becoming more proactive, but they are still developing their understanding of newer business models, such as DeFi, tokenization, and blended payment flows. As a result, compliance officers must interpret principles-based guidance, anticipate future regulatory expectations, and operate responsibly even when supervisory requirements are not yet fully defined.

Finally, compliance leaders must balance aggressive growth targets with the need to remain license-ready, audit-ready, and resilient to enforcement risk, all within resource-constrained environments. This often requires building scalable, risk-based controls and governance frameworks well before the business fully recognizes their value.

In essence, the role requires being a strategic translator between innovation and regulation, guiding the business forward confidently while building the guardrails that regulators expect but have not yet fully defined. It is a blend of educator, strategist, risk manager, and culture-setter—all operating in a landscape that evolves faster than most organizations can adapt.