Crypto Compliance Can’t Wait for the Headline: It Needs Intelligence Before Red Flags Arrive

The largest problem in crypto compliance today is customer profiles. Most teams cannot confidently say what normal account activity looks like. How many deposits, withdrawals, trades, and swaps should you expect from a typical user? I have asked this question to compliance professionals many times, and the honest answer is that most do not know. 

Without that baseline, risk detection is not really detection at all. It is waiting for someone else, like a sanctions designation, a headline, or a law enforcement referral, to tell you that something is wrong.

That is not intelligence. That is reading the news over your morning coffee. Or waiting for your platform to become the news, for the wrong reasons.

Static KYC captures a snapshot at onboarding and never updates it. Sanctions screening checks names against a list. But neither tells you what is actually happening on an account, who is involved, or why.

This is important because there are nested services operating as I write this, engaged in genuinely high-risk transactions, that are invisible to every compliance framework in the industry. And they will stay invisible until a sanctioning body or a newsroom does the work of identifying and exposing them. But if compliance teams have access to the right tools and intelligence, why should they wait for a reporter to surface the risk?

The shift from compliance to intelligence means closing that gap between reactive screening and ongoing understanding. And it applies to traditional financial institutions every bit as much as it does to crypto.

Suggested read: KYC in 2026: the shifts shaping the future of identity verification

A blind spot that spans both crypto and TradFi

The lack of continuous customer intelligence is not a uniquely crypto problem, which is worth noting because the crypto industry sometimes flatters itself into thinking its challenges are unprecedented.

Traditional financial institutions share the same structural weakness: they screen for known threats, file suspicious activity reports after the fact, and, while some have acknowledged the difficulty, they rarely build a continuous picture of how their customers actually behave over time. 

The tools are different: transaction monitoring in banking, blockchain analytics in crypto. But the gap is the same. In both ecosystems, compliance has been built around periodic checks rather than ongoing understanding.

I also believe we oversimplify what high-risk exposure actually means. Not every transaction to a flagged service is evidence of compliance failure. We often do not know what happens when an exchange receives illicit funds: whether they knew about it, acted on it, or had their own controls catch it later. Jumping to conclusions about other people’s compliance is guesswork with a dashboard.

But when there are persistent interactions with high-risk counterparties, compliance teams need to ask themselves: why us? What is it about our platform, our geography, or our onboarding process that attracts this type of flow? That question is the beginning of intelligence.

What Iran and Venezuela revealed about compliance gaps

This year alone, two major international events with significant on-chain footprints highlighted the limits of screening-based compliance: the escalation of U.S.-Iran tensions and the U.S. operation in Venezuela.

Both Iran and Venezuela showed increased buy-side crypto activity ahead of their respective crises, but the underlying market structures were completely different.

Yet a screening-based compliance approach treats both markets the same way. Only an intelligence-driven approach can ask why they look different and what that means for real-world exposure.

Iran has a large domestic exchange population, reportedly over 100 exchanges, and was largely disconnected from the global internet during the ongoing disruption. Basic wallet infrastructure, like Trust Wallet, for example, does not work without a VPN. That shapes how crypto is adopted and used in ways that pure transaction monitoring will never capture. 

When U.S. and Israeli strikes hit, Bitcoin dominance on Iranian exchanges spiked almost overnight. Clearly, it was a population making urgent economic decisions, and the signs were visible on-chain well before it appeared in any compliance alert.

On the other hand, Venezuela told a different story through different infrastructure. The country relies heavily on peer-to-peer marketplaces rather than centralized exchanges. During the capital flight crisis, buy-side demand overwhelmed sell-side liquidity by 54 to 1.

We had already been tracking sanctions evasion flowing through Iranian exchange infrastructure for months before the crisis escalated. The patterns were there for anyone with the right lens to see them. This is a clear example of how important intelligence is for screening. Without intelligence, screening is waiting for a sanctions designation. But having the intelligence lets you see the infrastructure being built, understand the risks, and prepare for them.

For compliance teams, the implication is uncomfortable but important: exposure to these jurisdictions does not always look like what you expect.

Consider a cash desk operating legally in Canada or the U.K. A compliance officer sees a transaction to a local business and has no reason to flag it. But that cash desk services accounts connected to exchanges in Iran. The traditional assumption is that these are diaspora remittances, meaning families supporting loved ones back home. It’s important to note that this is definitely one part of the picture, and often the innocent part. But we also see large crypto deposit transactions that suggest something quite different: cash that may be affiliated with sanctioned or illicit entities. 

If your compliance framework only checks whether the cash desk itself is on a sanctions list, you will miss the illicit activity it may be facilitating entirely. You need to understand who brings in the cash, who they are affiliated with, where the cash originated, and so on.

Many in the industry are now watching Cuba. It is not a major crypto adopter on the scale of Venezuela or Iran, but the question is whether the same demand pattern will emerge as economic pressure builds. That kind of forward-looking analysis, of watching for signals before a crisis is confirmed rather than reacting after one is declared, is what intelligence-driven compliance ought to look like. It is also what static KYC will never deliver, no matter how good the onboarding questionnaire is.

Suggested read: Trustless, Not Lawless: Designing KYC Compliance for a Decentralized Web3 Future

What criminals taught me about technology

For a long time, I was convinced that financial crime would eventually migrate into privacy coins, making illicit funds much harder for compliance teams and investigators to trace. That did not happen. 

Looking at the criminals themselves, rather than their tools, changed my thinking entirely. They are only as good as the system needs them to be, and anything beyond that is a cost. It turns out that criminals, like the rest of us, are rational economic actors. They do not adopt complexity for its own sake.

That realization reshaped how I approach my work. The question that matters is not which chain, which protocol, or which privacy tool. It is how stolen or illicit crypto is actually converted into an operational result, like cash, goods, influence, or power. 

Understanding those motivations and the conversion process is where intelligence begins. And it applies whether the funds originated on a blockchain or moved through a traditional banking channel. The money has to go somewhere. Tracing where it goes means understanding the people moving it, not just the ledger recording it.

Yes, crypto is a technology, but money is a social product. If the compliance industry, across both traditional finance and blockchain, wants to evolve from reactive screening to genuine intelligence, it needs to start with the people, not the platforms.

Intelligence cannot be a proprietary asset

If I could change one thing about how this industry approaches financial crime, it would be information sharing. Credit risk, which is the financial industry’s other major risk category, benefits from extensive information exchange. Banks share credit data because defaults affect solvency and ratings. And by and large, these incentive structures work. 

In financial crime, particularly in crypto, the incentives run the other way. There is a tendency to hoard intelligence on serious crimes and position it as a competitive advantage, for example, better coverage, better data, or better product. I understand the commercial logic. But I do not understand the moral logic.

When the crimes in question include fraud affecting thousands of people and deplorable behaviors, including every kind of trafficking and abuse, I do not see the pride in keeping that information proprietary. This is data that should be shared across the industry to drive these crimes out of existence. It should not be data that sits behind a paywall.

The evolution from compliance to intelligence is not just about better tools or smarter analytics. It is about this industry deciding what it is actually for. If we believe there is a genuine public interest in defeating financial crime, and I would hope that is not a controversial position, then intelligence cannot be a proprietary asset. It has to be a shared resource across firms, ecosystems, and borders.