*For the complete PDF version of this report, please contact service@beosin.com

A    B    S    T    R    A    C    T

This report, supported by the Digital Asset Anti-Money Laundering Committee (DAAMC) under the Hong Kong Virtual Assets Industry Association (HKVAIA) and led by Beosin in research and writing, focuses on core AML issues surrounding stablecoins. It systematically reviews foundational concepts of stablecoins, global regulatory disparities, financial security risks, and constructs a comprehensive technical solution and ecosystem governance framework for Hong Kong, providing professional reference for compliant development of stablecoins.

The report clearly defines stablecoins as digital assets pegged to real-world assets such as fiat currencies, with fiat-collateralized types (e.g., USDT, USDC) dominating the market. Their applications span cross-border remittances, daily consumption, and value storage. The regulatory policy section highlights key differences between Hong Kong’s Stablecoin Ordinance and the U.S. GENIUS Act, while also analyzing policies from Singapore, Japan, South Korea, and the UAE.

Regarding financial security risks associated with stablecoins, their anonymity and cross-border convenience make them susceptible to illicit activities such as terrorist financing, ransomware attacks, and darknet transactions, necessitating vigilance against these risks that could undermine stablecoin development. In response, Beosin proposes a full-lifecycle “source prevention – dynamic monitoring – precise governance” solution tailored for Hong Kong, incorporating technologies like smart contract security auditing, on-chain monitoring of stablecoins, and KYT/KYA risk assessment to enable effective AML surveillance and intelligent criminal analysis.

The report concludes with recommendations from three dimensions—industry self-regulation, interdepartmental coordination, and user education—to assist DAAMC in advancing Hong Kong’s compliant stablecoin ecosystem.

Chapter 1: Definition and Development Trends of Stablecoins

1.1 Definition and Classification of Stablecoins

A stablecoin is a digital asset designed to maintain a relatively stable value by being pegged to a real-world asset such as fiat currency, gold, commodities, or real estate. Within the digital asset ecosystem, stablecoins have been widely adopted for trading, payments, and value storage, serving as a bridge between traditional finance and digital finance.

Currently, multiple countries and regions are either already legislating or preparing legislation regarding stablecoins, aiming to clarify definitions and establish issuer licensing frameworks to provide legal certainty for market participants.

Hong Kong’s regulatory framework provides a clear definition of "fiat-referenced stablecoins (FRS)," which are stablecoins whose value is fully backed by one or more official currencies, HKMA-designated bookkeeping units, or economic store-of-value forms—or combinations thereof—to maintain stability. In contrast, the U.S. GENIUS Act defines a stablecoin as a digital asset used as a means of payment or settlement tool, requiring issuers to maintain a stable value relative to a fixed currency.

The mechanism behind a stablecoin determines its operational model within the financial system, regulatory difficulty, and risk level. Beyond fiat-collateralized stablecoins, other types exist in blockchain ecosystems designed to peg to the U.S. dollar.

Table 1-1: Classification of Stablecoins

Type	Examples	Characteristics
Fiat-Collateralized	USDT, USDC	Backed by real assets (bank custody) held by centralized entities; on-chain representation is merely a tokenized form of real-world assets
Token-Collateralized	DAI, RAI	Collateralized by digital assets like ETH, with minting and liquidation governed by smart contracts
Algorithmic Stablecoins	UST, AMPL	Stabilized through algorithmic supply-demand adjustments — high-risk models
Partially Collateralized + Algorithmic	FRAX	Combines partial collateral with algorithmic demand management

1.2 Overview of the Top 10 Global Stablecoins by Market Capitalization

Stablecoins have been evolving for over a decade. Since the launch of USDT in 2014, the market has grown rapidly, with fiat-pegged stablecoins leading the sector. As of August 20, 2025, according to DefiLlama data, the total circulating market capitalization of global stablecoins reached $277.5 billion. The top ten stablecoins by market cap are:

Table 1-2: Top 10 Stablecoin Overview

Token Name	Market Cap	Number of Holding Addresses	Issuer	Freeze Function Supported?
USDT	$166.987 billion	112 million	Tether	Yes
USDC	$66.663 billion	30.5 million	Circle	Yes
USDe	$11.852 billion	773,000	Ethena Labs	No
DAI	$4.786 billion	1.819 million	Sky	No
USDS	$4.503 billion	45,000	Sky	Yes
USD1	$2.208 billion	349,000	BitGo	Yes
FDUSD	$1.448 billion	62,000	First Digital Labs	Yes
PYUSD	$1.193 billion	91,000	PayPal	Yes
RLUSD	$666 million	35,000	Standard Custody & Trust Company	Yes
TUSD	$493 million	368,000	TrueUSD	Yes

Data Source: https://defillama.com/stablecoins

From a market share perspective, fiat-referenced stablecoins account for over 83.46% of the market, including USDT, USDC, USD1, FDUSD, PYUSD, RLUSD, and TUSD, which dominate the landscape. USDe, as a synthetic dollar stablecoin, gains traction through yield generation via arbitrage between spot and futures markets on centralized exchanges, earning recognition in the crypto space and becoming the third-largest stablecoin.

In terms of on-chain transaction data, transaction frequency for stablecoins is rising. According to Visa, the total transaction volume of stablecoins exceeded $27.6 trillion in 2024, with adjusted transaction volume reaching $5 trillion. USDT consistently leads in transaction volume, followed by USDC, together accounting for over 90% of all stablecoin transaction data.

Figure 1-1: Monthly Stablecoin Transaction Volume

Data Source: Transactions | Visa Onchain Analytics Dashboard

Note: Adjusted Transaction Volume excludes robot activity, internal smart contract transactions, exchange-to-exchange transfers, and high-frequency trader transactions.

Over the past year, USDT on the TRON network has seen significant growth, with circulating USDT surpassing $82.6 billion, overtaking Ethereum as the blockchain network with the largest USDT circulation. BSC (also known as BNB Chain) has experienced explosive transaction volume due to Binance’s support for free withdrawals of stablecoins to the BSC network, making it the most active blockchain for stablecoin transactions over the past year.

Figure 1-2: Annual Transaction Volume and Count for USDT and USDC on Major Blockchain Platforms

Data Source: Transactions | Visa Onchain Analytics Dashboard

Stablecoin transaction volume and count on networks such as Base, Solana, Arbitrum, and Polygon are also significant. As shown in the chart, although Ethereum remains the primary blockchain for stablecoin circulation and trading, low-cost and high-speed blockchains are emerging as preferred choices for enterprises and general users.

1.3 Key Application Scenarios of Stablecoins

In July 2025, the International Monetary Fund analyzed approximately $2 trillion in adjusted transaction volume across six major chains—Ethereum, Binance Smart Chain, Optimism, Arbitrum, Base, and Linea—for the year 2024, assessing the global flow of stablecoins.

The report reveals that North America has the largest stablecoin flow, amounting to $633 billion, followed by Asia-Pacific at $519 billion. When considering the proportion of stablecoin flow relative to GDP, Latin America and the Caribbean reach 7.7%, while Africa and the Middle East stand at 6.7%. Emerging markets (e.g., Latin America and the Caribbean, Africa and the Middle East) frequently use stablecoins due to capital controls and unstable domestic currencies, primarily for cross-border flows, with internal circulation accounting for only 12%-14%.

These data indicate that stablecoins have become an indispensable component of the global financial ecosystem, with primary application scenarios as follows:

1. Cross-Border Remittances and Settlements

Traditional cross-border remittances rely on the SWIFT system, involving multiple intermediaries such as banks and correspondent banks, resulting in slow speed, high fees, and low transparency. Stablecoins leverage blockchain technology to rebuild a highly efficient, low-cost global payment network through peer-to-peer transactions.

2. Daily Consumption

Southeast Asian ride-hailing platform Grab now supports users in Singapore and the Philippines topping up their GrabPay wallets with digital assets like USDC and USDT for everyday payments such as rides, food delivery, and coffee purchases.

E-commerce platform Shopify integrates Solana Pay, enabling users to pay using USDC on the Solana blockchain. As of May 2025, over 2,000 Shopify merchants have adopted Solana Pay.

3. Value Storage and Financial Yield Generation

The “value stability” feature of stablecoins makes them the foundational currency in the digital asset market, satisfying risk-averse needs while leveraging the technological characteristics of digital assets to spawn diverse financial applications, serving as a bridge between traditional and digital finance.

In countries experiencing high inflation in local fiat currencies (e.g., Argentina, Turkey), residents often convert their domestic money into stablecoins like USDT (pegged to the U.S. dollar) to hedge against currency depreciation. For instance, Turkey has long faced persistent inflation and currency devaluation, driving continuous growth in stablecoin and mainstream digital asset adoption. In 2024, the total trading volume of USDT/TRY (Turkish Lira) on Binance, the world’s largest digital asset exchange, surpassed $43.82 billion.

Figure 1-3: USDT-Turkish Lira Exchange Volume on Binance Exchange in 2024

Data Source: https://www.tradingview.com/symbols/USDTTRY/

Beyond hedging against fiat depreciation, stablecoins can also be used for financial yield generation. In decentralized finance (DeFi), stablecoin holders, after understanding the associated risks, may deposit stablecoins into decentralized lending protocols (e.g., Aave) to earn interest from borrowers, with annual yields determined by market demand. Alternatively, they can provide liquidity for stablecoin pairs like USDT-USDC on decentralized exchanges such as Uniswap and earn transaction fees.

1.4 Rise of Stablecoins and Regulatory Landscape

2025 is hailed as the “Year of the Stablecoin,” marking the transition of stablecoins from peripheral tools in digital asset trading to a central role in global finance. As digital assets pegged to fiat currencies or commodities, stablecoins offer price stability, low transaction costs, and efficient settlement, demonstrating disruptive potential across cross-border payments, supply chain finance, and asset tokenization, and emerging as a new focal point in the global financial infrastructure competition.

However, alongside rapid growth, stablecoins bring numerous potential risks, including challenges to monetary policy, financial stability, consumer protection, and illicit financial activities such as money laundering and terrorist financing. International financial institutions have maintained heightened concern over these risks. For example, the Bank for International Settlements (BIS) issued a stern warning in its report about the performance of stablecoins as widely used currencies, highlighting deficiencies such as lack of central bank backing, insufficient safeguards against illicit use, and inability to generate loans due to funding flexibility. BIS reports note that the anonymous nature of stablecoin holdings may facilitate hiding “dirty money,” and face risks of rapid redemptions by investors, potentially undermining monetary sovereignty and triggering capital flight from emerging economies.

To address the technological challenges and systemic risks posed by high liquidity, cross-border accessibility, and anonymity inherent in digital assets and stablecoins, the Financial Action Task Force (FATF) recommended in 2019 extending the Travel Rule to digital asset service providers, requiring them to adhere to the same transfer standards as banks. Under the Travel Rule, digital asset transactions exceeding a certain threshold (typically $1,000) must undergo KYC and due diligence procedures.

Various countries and regions have gradually advanced regulatory frameworks for digital assets based on FATF’s guidance, covering digital asset trading service providers, stablecoins, and digital asset custody. 2025 marks a turning point in global stablecoin regulation. The U.S. introduced the GENIUS Act, Hong Kong launched the Stablecoin Ordinance, most provisions of the EU’s MiCA Act took effect in 2025, and Japan and South Korea began evaluating the issuance of their own fiat-pegged stablecoins. The global stablecoin regulatory framework is gradually taking shape.

Chapter 2: Policy Research on Stablecoins

2.1 Analysis of Hong Kong's Stablecoin Regulatory Policies

Hong Kong has clearly articulated its strategic goal of becoming a leading global hub for digital asset innovation and investment. To achieve this vision, Hong Kong emphasizes establishing a robust and appropriate regulatory environment, viewing it as a prerequisite for sustainable and responsible development of the stablecoin ecosystem. This strategy leverages Hong Kong’s inherent advantages as an international offshore financial center, including a mature financial infrastructure in cross-border payments, asset management, clearing, and custody.

Hong Kong’s linked exchange rate system grants the Hong Kong dollar a high degree of stability, creating a solid monetary foundation for issuing stablecoins denominated in HKD and backed by fiat reserves. This strategic integration of digital assets into existing financial infrastructure and monetary systems indicates that Hong Kong does not view digital assets as entirely independent but rather seeks to embed them within established financial ecosystems. The stability of the HKD provides a credible anchor for stablecoins, enabling Hong Kong to stand out competitively against jurisdictions with less developed financial infrastructure or higher volatility in their fiat currencies.

2.1.1 Regulatory Objectives and Guiding Principles

The core objective of Hong Kong’s stablecoin regulatory framework is to mitigate potential risks posed by fiat-referenced stablecoins (FRS) to monetary policy, financial stability, and investor protection. Its guiding principle is “same activity, same risk, same regulation,” a concept deeply embedded in the Stablecoin Ordinance, ensuring regulatory requirements align with international standards while reflecting Hong Kong’s local context. This approach aims to promote healthy and orderly development of the digital asset market.

The regulatory framework also specifically addresses unique challenges posed by stablecoins, such as their anonymity and ease of cross-border use, which may increase AML and CFT risks. Combining the “same activity, same risk, same regulation” principle with a clear acknowledgment of stablecoin-specific risks (e.g., anonymity and cross-border nature) reflects the maturity of Hong Kong’s regulatory philosophy. This is not a simple transplantation of existing rules into the digital asset domain but a tailored adjustment recognizing functional equivalence with traditional financial instruments while adapting to the unique technical characteristics of digital assets. This meticulous approach aims to prevent regulatory arbitrage and ensure effective mitigation of emerging risks. If stablecoins function similarly to traditional financial instruments (e.g., payments, value storage), they should be subject to similar regulation to close potential regulatory gaps. However, their technical features (e.g., distributed ledger technology, potential anonymity) introduce new risks not fully covered by traditional rules. Therefore, the HKMA must adjust existing principles and introduce new measures (e.g., stringent AML/CFT requirements for DLT) to achieve comprehensive oversight.

2.1.2 Definition and Scope of Regulation

1. Clear Definition: "Fiat-Referenced Stablecoins (FRS)"

Hong Kong’s regulatory framework provides a clear definition of "stablecoin" and "fiat-referenced stablecoin (FRS)" to ensure precision and effectiveness in regulation.

Definition of "Fiat-Referenced Stablecoin (FRS)": FRS refers to stablecoins whose value is fully backed by one or more official currencies, HKMA-designated bookkeeping units, or economic store-of-value forms—or their combination—to maintain stable value. Currently, the scope of "designated stablecoins" is limited to fiat-referenced stablecoins. The regulatory framework covers both single-currency and multi-currency FRS.

The HKMA has focused its regulatory efforts primarily on FRS, reflecting a risk-based approach. FRS, especially those pegged to major fiat currencies, are considered to pose the most direct and significant risks to monetary and financial stability due to their widespread potential as payment instruments and their direct link to the traditional financial system. In contrast, stablecoins pegged to commodities (e.g., gold) or other digital assets typically have narrower use cases and smaller direct systemic impact. By prioritizing FRS regulation, the HKMA first addresses the most urgent regulatory needs and retains flexibility to expand the scope as the market evolves.

2. Licensing Requirement: Issuance Activities Require a License

In Hong Kong, any entity engaging in any of the following “regulated stablecoin activities” must obtain prior approval from the HKMA: issuing designated stablecoins during business operations in Hong Kong, issuing designated stablecoins overseas but pegged to the HKD, or actively promoting the issuance of fiat-referenced stablecoins to the public in Hong Kong.

The determination of "active promotion" involves a comprehensive assessment, including marketing language (especially Chinese usage), targeting of Hong Kong residents, use of Hong Kong domain names, and presence of detailed marketing plans. "Issuance" or "minting" generally refers to the initial recording and allocation of tokens to digital wallet addresses on a distributed ledger. The determination of "issuance in Hong Kong" also involves a holistic assessment, including day-to-day management and operational locations, incorporation location, minting and burning locations, reserve asset management location, and the location of bank accounts handling cash flows.

3. Treatment of Algorithmic Stablecoins: De Facto Exclusion

Hong Kong’s regulatory framework adopts a de facto exclusion stance toward algorithmic stablecoins. Due to the lack of actual reserve assets backing, algorithmic stablecoins cannot meet the HKMA’s strict reserve-related licensing conditions for FRS issuers. Although they may technically satisfy the definition of "designated stablecoin," their inability to meet minimum standards, particularly reserve requirements, effectively prevents them from obtaining a license.

This de facto exclusion of algorithmic stablecoins, despite their theoretical inclusion in the "designated stablecoin" definition, represents a strong prudential position. It reflects the global consensus among regulators post-Terra/Luna collapse that unsupported or under-collateralized stablecoins pose unacceptable systemic risks, placing financial stability and investor protection above speculative innovation. The HKMA’s approach aligns with international standards (e.g., FSB, BCBS recommendations), which emphasize that stablecoins used for payments must have adequate reserve support. By setting strict reserve requirements, the HKMA effectively filters out inherently unstable algorithmic models, signaling a cautious stance on innovation and placing financial stability first.

2.1.3 Licensing Framework for Fiat-Referenced Stablecoin Issuers

The cornerstone of Hong Kong’s stablecoin regulatory regime is a mandatory licensing framework imposing strict requirements on fiat-referenced stablecoin (FRS) issuers. The Stablecoin Ordinance establishes a “license-first” or “closed-loop” regulatory model emphasizing ex-ante authorization. This model is generally stricter than the “post-compliance” paths adopted in some other jurisdictions. The HKMA is the primary regulator, possessing comprehensive authority over licensing, audits, revocation of licenses, and issuing operational guidelines. The HKMA has the power to establish a “Designated Stablecoin List” and prohibit unauthorized stablecoins from circulating or being used for payments in Hong Kong.

The “license-first” approach, combined with the HKMA’s broad discretion (including the establishment of the “Designated Stablecoin List”), indicates a highly controlled and centralized regulatory environment in Hong Kong. This contrasts sharply with more lenient or decentralized regulatory philosophies, reflecting Hong Kong’s emphasis on prudential supervision and market integrity from the outset. By requiring pre-authorization, the HKMA can review the business model, financial soundness, and control systems of a stablecoin before it enters circulation, significantly reducing risks. The “Designated Stablecoin List” serves as a dynamic market control tool, allowing the HKMA to swiftly respond to emerging risks or non-compliant entities by restricting market access.

Obtaining and maintaining a Hong Kong stablecoin issuer license requires meeting a series of strict conditions and ongoing regulatory requirements designed to ensure the issuer’s sound operation and protection of stablecoin holders.

1. Corporate Status and Local Presence Mandate

FRS issuers must be companies incorporated in Hong Kong. Senior management teams and key personnel must reside in Hong Kong. Non-Hong Kong incorporated companies (except those already recognized and prudentially regulated) seeking an FRS issuer license must establish a subsidiary in Hong Kong.

2. Minimum Financial Resources and Capital Adequacy

FRS issuers must meet minimum financial resource requirements. The minimum paid-up share capital requirement is HK$25,000,000. The HKMA reserves the right to impose additional capital requirements when necessary. Retaining the discretion to impose extra capital ensures a flexible yet firm risk management stance. While sufficient capital buffers are crucial for financial stability, excessively high initial capital requirements could stifle innovation and hinder new entrants. This reflects a nuanced consideration balancing encouragement of participation with ensuring adequate financial support, acknowledging that the stablecoin market is still in its early stages.

3. Comprehensive Reserve Asset Management and Custody

FRS issuers must establish an effective stability mechanism. The total market value of reserve assets must never fall below the total face value of circulating FRS (i.e., full backing). Issuers should also consider the risk profile of their reserve assets and ensure adequate over-collateralization to provide a buffer. Reserve assets must be high-quality, highly liquid assets (e.g., bank deposits denominated in the reference currency). Reserve assets must be held in the same reference currency as the stablecoin, and each stablecoin’s reserve assets must be strictly segregated from the issuer’s other reserve pools and operational assets. Effective trust arrangements (e.g., appointing an independent trustee or issuing a trust declaration) must be established to ensure these assets are held for the benefit of stablecoin holders.

The HKMA will adopt a risk-based approach to assess the adequacy of reserve assets. The strict requirements for full backing, high liquidity, segregation, and sound trust arrangements are the bedrock of Hong Kong’s investor protection and financial stability strategy. This effectively imposes a “bank-like” prudential standard on stablecoin reserves, aiming to prevent liquidity crises and de-pegging events common in less regulated models. Past failures of stablecoins often stemmed from inadequate reserves, poor liquidity, commingling of funds, or insufficient legal protection for holders. By imposing these stringent requirements, the HKMA directly addresses these vulnerabilities, ensuring stablecoin holders have clear and enforceable rights to their underlying assets and that the peg can be maintained even under stress.

4. Robust Redemption Mechanism and Timeliness Standards

FRS holders must be able to redeem their stablecoins at face value promptly, without incurring undisclosed or disproportionate fees, or unreasonable redemption conditions. Redemption requests must be fulfilled within one business day of receipt. If an issuer anticipates being unable to meet a redemption request within one business day (e.g., due to unforeseen market pressure), they must seek prior approval from the HKMA.

The “within one business day” redemption standard sets a very high bar for FRS issuers’ operational efficiency and liquidity management. This directly addresses the inherent “run risk” of stablecoins, aiming to maintain confidence and prevent systemic contagion. Rapid redemption capability is crucial for maintaining the peg and preventing panic redemptions. By enforcing a strict one-day standard, the HKMA forces issuers to maintain highly liquid reserves and robust operational processes, minimizing the risk of liquidity mismatches that could destabilize the stablecoin.

5. Requirements and Impacts for Ordinary Users

For digital asset wallet holders or individuals considering entering the stablecoin market, the following points are noteworthy under Hong Kong’s stablecoin regulations:

(1) KYC/AML Requirements

Users must complete identity verification when using stablecoins issued by licensed Hong Kong stablecoin issuers or related platforms (exchanges, custodial wallets).

(2) Source of Funds Review

Large cross-border transfers or frequent transactions may trigger anti-money laundering scrutiny.

(3) Usage and Trading Restrictions

In Hong Kong, future stablecoin usage and trading may be subject to strict licensing constraints. According to HKMA requirements, users holding licensed stablecoins can redeem them at any time. Before the OTC Bill is enacted, ordinary users can still trade USDT and USDC on licensed digital asset platforms in Hong Kong (e.g., HashKey, OSL). However, it remains uncertain whether ordinary users will be allowed to trade unlicensed stablecoins like USDT and USDC under the future OTC licensing regime.

(4) Taxation Requirements

Hong Kong currently imposes no capital gains tax. Buying and selling stablecoins themselves are generally not taxed, but if used for commercial purposes (e.g., receiving payments, salary settlements), taxation is required.

2.1.4 Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Framework

1. Adherence to International Standards: FATF Recommendations and the “Travel Rule”

Hong Kong proactively adopts international standards in AML/CFT, particularly the recommendations of the Financial Action Task Force (FATF). Hong Kong’s updated AML framework, including regulations for virtual asset service providers (VASPs), aligns with FATF and its Recommendation 16—the “Crypto Travel Rule.” The Travel Rule applies to all digital asset transfers exceeding HK$8,000 (approximately $1,000). VASPs are granted a six-month window to comply, allowing for gradual integration and avoiding business disruption.

Hong Kong’s proactive implementation of FATF Recommendation 16 (the Travel Rule) demonstrates its commitment to global AML/CFT standards and its aspiration to be a responsible leader in digital asset regulation. This alignment enhances cross-border interoperability and reduces the risk of being perceived as a weak link in the global financial crime prevention network. The Travel Rule requires financial institutions and VASPs to transmit sender and beneficiary information during digital asset transfers, analogous to traditional wire transfers. By adopting this rule, Hong Kong enhances traceability, reduces anonymity, and addresses AML challenges arising from the cross-border and potential anonymity of stablecoins. This strengthens Hong Kong’s reputation as a compliant jurisdiction, crucial for attracting legitimate digital asset business.

2. Risk-Based Approach (RBA) for Money Laundering/Terrorist Financing Assessment and Mitigation

Licensed entities must adopt a Risk-Based Approach (RBA) when designing and implementing AML/CFT policies and procedures. An institution-level ML/TF risk assessment must be conducted, considering customer, country, product, and delivery channel risks. Assessments must be properly documented, approved by senior management, and kept up to date. Systems can be simplified for lower-risk scenarios, but simplification is not permitted when there is suspicion of money laundering or terrorist financing.

Adopting RBA allows for flexible and proportionate AML/CFT measures, adjusting controls based on the specific risk profiles of the issuer’s business model and customer base. This avoids a “one-size-fits-all” approach that might impose excessive burdens on low-risk activities while ensuring sufficient rigor for high-risk activities. The ML/TF risk associated with stablecoin activities can vary significantly. RBA enables issuers to allocate resources effectively, focusing on high-risk areas. This also reflects international best practices in AML/CFT, promoting effective risk mitigation without stifling legitimate innovation.

3. Wallet Management and Enhanced Customer Due Diligence (CDD)

Licensed entities must properly manage AML/CFT risks associated with wallets used by their clients for stablecoin transactions. They must identify client wallet addresses and verify ownership through micro-payments, message signature tests, or evidence obtained from custodial wallet providers.

For self-custody wallets provided by custodial wallet providers or used by financial institutions/VASPs, due diligence measures include collecting owner information, assessing their reputation and AML/CFT quality, and evaluating the adequacy of their control measures.

Detailed requirements for wallet management and CDD, including wallet ownership verification and due diligence on third-party wallet providers, directly address the challenge of pseudonymity in digital asset transactions. This is a critical step in bridging the gap between blockchain anonymity and financial transparency. One of the primary AML challenges in the digital asset space is the ability to transact with non-custodial wallets without clear identity. By requiring wallet ownership verification and due diligence on third-party providers, the HKMA mandates that issuers establish a clear link between stablecoin transactions and verified identities, significantly reducing anonymity risk and enhancing traceability.

4. Continuous Monitoring of Stablecoin Transactions and Mitigation Strategies for Illicit Activities

Licensed entities must monitor circulating stablecoins to prevent their use for illegal purposes, with monitoring intensity proportional to ML/TF risk. Stablecoin transactions are recorded on the blockchain, providing traceability to identify illicit activities. Possible measures include using blockchain analytics technology to continuously screen transactions and wallet addresses, blacklisting sanctioned or illegal wallet addresses, and freezing stablecoins upon request from regulatory or law enforcement agencies. Unless the licensed entity can demonstrate the effectiveness of these measures to the HKMA, the identity of every stablecoin holder must be verified by the licensed entity, a regulated financial institution/VASP, or a reliable third party.

The HKMA holds higher expectations for the effectiveness of blockchain analytics and blacklist mechanisms. In the absence of proof of AML technology effectiveness, the default requirement is to verify the identity of “every stablecoin holder,” indicating a highly conservative and risk-averse approach to emerging AML technologies. This suggests that relying solely on technological solutions may not suffice to meet Hong Kong’s stringent AML standards, and manual verification remains crucial. While blockchain analytics offers promising tools for identifying illicit activities, the HKMA acknowledges its limitations (e.g., difficulty identifying ultimate beneficiaries, reliance on external data). By prioritizing direct identity verification, the HKMA signals it will not compromise on fundamental AML principles, even when exploring technological advancements. Thus, the current Hong Kong stablecoin ecosystem maintains a robust “KYC” foundation.

2.2 Analysis of the U.S. Stablecoin Act

2.2.1 Definition and Scope of “Payment Stablecoins”

The GENIUS Act primarily regulates a specific category of digital assets known as “payment stablecoins.” These assets are typically defined as digital assets intended to serve as a means of payment or settlement, with issuers obligated to redeem or repurchase these assets at a fixed monetary value. The assets are not national currencies. A key aspect of the act is explicitly stating that payment stablecoins issued by authorized issuers are not considered “securities” under U.S. federal securities laws or “commodities” under the Commodity Exchange Act. This legislative exemption aims to establish a clear regulatory path for compliant stablecoins, largely removing them from the direct oversight of the U.S. Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC).

This clear definition primarily targets fiat-backed stablecoins maintaining a 1:1 peg. Consequently, algorithmic stablecoins lacking a 1:1 reserve and relying on complex algorithms to maintain the peg likely do not qualify under this framework. This effectively excludes them from the “safe harbor” provided by the SEC/CFTC classification, potentially leaving them subject to existing securities or commodity laws.

Explicitly excluding compliant payment stablecoins from the definitions of “security” and “commodity” represents a significant step forward in regulation. This directly addresses one of the most persistent sources of regulatory uncertainty plaguing the U.S. crypto industry for years. By clearly defining regulatory classification, the act shifts the primary regulatory responsibility for these specific digital assets to banking regulators, rather than market regulators. This clarity aims to enhance confidence among traditional financial institutions and enterprises, encouraging their use of stablecoins for various purposes such as payments, cross-border transactions, and treasury management. It also creates a distinct niche within the broader digital asset market, where “payment stablecoins” are treated differently from other digital assets or tokenized assets, thereby establishing a more specialized and predictable regulatory environment for this particular asset class.

2.2.2 Core Prudential and Operational Requirements

1. Reserve Asset Management

Authorized Payment Stablecoin Issuers (PPSIs) are strictly required to maintain at least a 1:1 reserve, fully supporting the circulating payment stablecoins. Eligible reserve asset types include: U.S. coins and paper currency (including Federal Reserve notes), deposits at insured depository institutions or foreign depository institutions, short-term U.S. Treasury bills with maturities of 93 days or less, repurchase agreements collateralized by short-term U.S. Treasuries, certain reverse repurchase agreements, money market funds invested exclusively in the aforementioned eligible assets, and central bank reserve deposits. Notably, the act does not grant primary federal regulators the power to expand the list of eligible reserve assets, even if they believe other assets possess sufficient liquidity.

Reserve assets must not be pledged, re-pledged, or reused, except for the purpose of providing liquidity to meet reasonable expected stablecoin redemption requests. In such cases, short-term U.S. Treasury bills may be used as collateral for repurchase agreements, but these repurchase agreements must be cleared through an approved central clearing counterparty or receive prior approval from the relevant regulator. Reserve assets must be held by qualified third-party custodians and strictly segregated from the issuer’s operating funds. The issuer must publicly disclose monthly the total amount of circulating payment stablecoins and the amount and composition of reserve assets on its website. Monthly reports must be reviewed by a registered public accounting firm, and the CEO and CFO must certify the accuracy of the report; intentional false certification carries criminal penalties.

The strict limitation on reserve assets in the GENIUS Act, primarily restricting them to U.S.-denominated assets and U.S. Treasury bonds, is no accident. This provision clearly supports the dominant role of the U.S. dollar in the global digital economy and brings sustained demand to the U.S. Treasury market. This contrasts sharply with Hong Kong’s more flexible approach to reserve assets, reflecting a deeper strategic consideration in the U.S. regard for stablecoin regulation as a national economic instrument.

2. Redemption Mechanisms and Activity Restrictions

All authorized payment stablecoin issuers must establish a “timely” redemption procedure for circulating payment stablecoins and publicly disclose their redemption policies. The business activities of PPSIs are strictly limited, typically confined to issuing and redeeming payment stablecoins, managing related reserves, providing custody and safekeeping services, and other activities directly supporting these functions. The act also prohibits “tied sales,” meaning services cannot be offered contingent upon customers acquiring additional paid products or services from the issuer or its subsidiaries, or upon customers agreeing not to acquire any paid products or services. Additionally, stablecoin issuers are explicitly prohibited from offering any form of interest or yield to stablecoin holders. In the event of issuer bankruptcy, stablecoin holders have priority claims over all other creditors.

3. Capital, Liquidity, and Risk Management

Federal and state regulators are required to develop capital requirements rules tailored to the business model and risk profile of payment stablecoin issuers, with a $100 billion threshold dividing regulatory authority. Issuers must possess the technical capabilities, policies, and procedures to prevent, freeze, and reject illicit transactions and to comply with all applicable court orders. Regulators will also incorporate Bank Secrecy Act (BSA) and sanctions compliance standards into their risk management requirements. For banks holding stablecoins on their balance sheets, current U.S. banking rules may require holding additional capital. The act also specifies a timeline for rulemaking and implementation by regulators: unless otherwise stated, relevant rules must be promulgated by July 2026. The act’s effective date is the earlier of 18 months after enactment or 120 days after the primary federal stablecoin regulatory agency issues final implementing regulations, meaning the latest possible effective date is January 18, 2027.

4. Anti-Money Laundering / Counter-Terrorist Financing (AML/CFT) and Privacy Requirements

Under the GENIUS Act, authorized payment stablecoin issuers are designated as “financial institutions” under the Bank Secrecy Act (BSA). This means they must comply with strict AML, customer identification (KYC), and transaction monitoring requirements. They are also required to file Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN) and comply with Office of Foreign Assets Control (OFAC) sanctions. In terms of privacy protection, the privacy requirements of the Gramm-Leach-Bliley Act (GLBA) apply to most authorized payment stablecoin issuers.

The comprehensiveness of the U.S. AML/CFT framework, including KYC, transaction monitoring, suspicious activity reporting, and sanctions compliance, undoubtedly imposes significant compliance costs on issuers. This may provide a competitive advantage to companies already possessing robust KYC, risk management, and regulatory change management procedures. This area is also a common point of strict regulation in both U.S. and Hong Kong regulatory frameworks.

2.3 Comparative Analysis of Hong Kong and U.S. Stablecoin Regulatory Frameworks

2.3.1 Regulatory Philosophy and Strategic Goals

As Hong Kong’s stablecoin licensing framework takes shape, increasing market participants are comparing it with the U.S. regulatory path. Differences in legal systems, financial positioning, and strategic goals between the two regions reflect varying risk appetites among regulators and distinct strategic visions for the future of digital finance. Below is a comparative analysis based on regulatory philosophy and strategic objectives.

Table 2-1: Comparison of Regulatory Philosophy and Strategic Goals between Hong Kong and the U.S.

Dimension	Hong Kong	United States
Regulatory Model	Centralized under HKMA, with a licensing system to mitigate risks and foster innovation.	Decentralized, with multiple federal and state agencies involved, balancing risk and innovation. Over $100 billion regulated by the Fed; under $100 billion by state-level authorities.
Compliance Threshold	High barrier (HK$25 million paid-up capital requirement, strict redemption mechanisms), 100% high-liquidity assets, regular audits and public disclosure.	Limited to deposit institutions' subsidiaries/federal/state-qualified issuers. 1:1 cash/short-term treasuries, monthly public disclosure, prohibition on re-pledging.
Risk Attitude	Conservative, emphasizing payout guarantees and risk control, prohibiting algorithmic stablecoins.	More inclusive, encouraging innovation and tolerating some trial and error.
User Protection	Clear payout guarantees, protection of user priority rights and redemption rights, restricted to licensed institutions for sales, regulation of advertising behavior, relatively strict AML requirements.	Emphasis on investor protection and consumer safety, mandatory disclosure of reserves, key personnel required to submit monthly reports, strict AML requirements.
Strategic Goal	Establishment of an international regulatory-compliant stablecoin hub to reinforce Hong Kong’s status as an international financial center.	Strengthening the dominance of the U.S. dollar, promoting the application of dollar-pegged stablecoins and fiscal support.
Core Legislation	Stablecoin Ordinance (effective August 1, 2025)	Guiding and Establishing National Innovation for U.S. Stablecoins Act (effective July 18, 2025)

2.3.2 Regulatory Structure and Authority

The U.S. stablecoin regulatory system is characterized by a dual-track model, featuring a complex, multi-tiered federal/state structure involving several federal banking regulators, such as the Federal Reserve, OCC, FDIC, and NCUA. Despite the establishment of the Stablecoin Certification Review Committee (SCRC) to promote coordination, this multi-agency model still risks regulatory fragmentation.

In stark contrast, Hong Kong adopts a centralized, unified regulatory model, with the Hong Kong Monetary Authority (HKMA) serving as the sole primary prudential regulator. This “one-stop” regulatory approach provides higher clarity and efficiency for market participants. For institutions seeking entry, Hong Kong’s centralized structure offers a clear path and transparent rules, contrasting with the potential complexity of navigating multiple states and federal agencies in the U.S., which could lead to higher compliance burdens for U.S. issuers.

2.3.3 Reserve Assets and Custody Requirements

In terms of reserve assets, both the U.S. and Hong Kong adhere to the 1:1 full backing principle, requiring stablecoins to be backed by high-quality, highly liquid assets. This is a universal consensus in global stablecoin regulation.

However, in practical execution, significant differences exist. The U.S. GENIUS Act imposes strict limitations on the types of eligible reserve assets, primarily restricting them to U.S. dollars and short-term U.S. Treasury bonds. Additionally, the act mandates that reserve assets be held by qualified third-party custodians and strictly segregated from the issuer’s operating funds. This strict restriction reflects the U.S. policy consideration of using stablecoins as a tool to consolidate dollar hegemony and support the U.S. Treasury market. Hong Kong, while emphasizing the quality and liquidity of reserve assets, offers greater flexibility. Although asset segregation is required, Hong Kong allows issuers to independently manage custody or delegate management to qualified institutions like banks. This flexibility aims to balance prudent regulation with market innovation, permitting a wider range of operational models while still ensuring asset security.

2.3.4 Retail Investor Access and Consumer Protection

The U.S. GENIUS Act aims to establish federal safeguards to protect the interests of stablecoin holders and enhance public confidence in the payment stablecoin market. Its consumer protection measures are reflected in strict requirements for reserve assets, transparent disclosures, and redemption mechanisms. Hong Kong, however, adopts a more rigorous and detailed investor protection strategy, particularly concerning retail investors. According to the Stablecoin Ordinance, only stablecoins issued by HKMA-licensed fiat stablecoin issuers can be sold to retail investors. Furthermore, Hong Kong imposes strict restrictions on stablecoin advertising to prevent fraud and misleading statements. This protective strategy is more cautious, aiming to isolate retail investors from the risks associated with stablecoin investments.

2.3.5 Cross-Border Collaboration and Reciprocal Arrangements

In terms of cross-border collaboration, both the U.S. and Hong Kong recognize the importance of international coordination. The U.S. GENIUS Act authorizes the Secretary of the Treasury to establish reciprocal arrangements or other bilateral agreements with foreign jurisdictions possessing “comparable” stablecoin regulatory regimes to facilitate international transactions and interoperability with U.S.-denominated stablecoins. In Hong Kong, the HKMA has the authority to assess on a case-by-case basis whether to modify or exempt certain minimum standards for applicants who are already adequately regulated in other jurisdictions. This is not automatic mutual recognition but a case-by-case prudent review. While both sides are committed to international cooperation, their differing reciprocal mechanisms may lead to friction in practice or require further bilateral agreements to achieve true seamless cross-border interoperability.

Despite both jurisdictions recognizing the necessity of cross-border cooperation, the lack of an immediate, automatic mutual recognition framework poses a significant challenge to the global adoption of stablecoins. This means issuers seeking to operate in both markets face a dual compliance burden, which could hinder the seamless flow of stablecoins in cross-border trade and payments and limit their full potential. The future success of stablecoins as a global payment rail depends on the actual implementation and breadth of these reciprocal arrangements.

2.3.6 Comparison of AML/CFT Policy Requirements

Table 2-2: Comparison of Anti-Money Laundering Regulatory Policies between Hong Kong and the U.S.

Dimension	Hong Kong (Stablecoin Ordinance and accompanying guidelines)	United States (Federal BSA/FinCEN + State Rules/Potential Federal Law)
Regulated Entity	“Stablecoin issuers” must be licensed and treated as financial institutions under the AMLO; subject to the “Stablecoin Issuer AML/CFT Guidelines”	CVC (“convertible virtual currency”) “operators/exchangers” are MSBs under BSA and must register, establish AML systems; proposed federal stablecoin bill would explicitly designate issuers as BSA subjects
Risk Management	Explicit requirement for issuers to conduct institutional-level ML/TF risk assessments and design systems using RBA	BSA-based risk approach; FinCEN 2019 guidance requires MSBs to implement risk-based procedures and monitoring
CDD/KYC	Implement tiered CDD (including PEPs, purpose and nature, ongoing due diligence) for clients and beneficial owners; verify identity of every stablecoin holder	Conduct KYC/CDD and risk assessment on customers during stablecoin issuance and redemption, along with ongoing monitoring; file SARs/CTRs
On-Chain Transaction Monitoring	Require continuous monitoring of circulating stablecoins (including on-chain address screening, blockchain analytics, blacklists, and, where necessary, closed-loop (whitelist-only) circulation)	Emphasize transaction monitoring and suspicious reporting; propose additional record-keeping and reporting requirements (NPRM 311 special measures) for mixers
Travel Rule	AMLO adds a “Stablecoin Transfer” section: collect, retain, and transmit sender and recipient information for stablecoin transfers; prohibited from transferring with non-compliant VASPs/FIs; implement additional risk controls for non-custodial wallet transfers	Funds Travel Rule (31 CFR 1010.410(f)) applies to MSBs, requiring sender information for transactions ≥ $3,000; FinCEN document explicitly states CVC applicability
Record Keeping	Records must be retained for at least 5 years	Must comply with the 5-year retention requirement under BSA, including customer records, transaction records, SARs/CTRs, and supporting documents
Organization and Governance	Must establish a CO and MLRO; board or senior management must bear AML responsibility	Regulators expect banks or regulated entities to have sufficient BSA/AML governance and resources
Level of Hierarchy	Uniformly issued by HKMA for licensing and guidance	Federal level managed by BSA/FinCEN + existing state licensing framework (e.g., NYDFS BitLicense/Stablecoin Guidance); GENIUS Act/STABLE Act text explicitly defines issuers as BSA “financial institutions”

2.4 Other Countries and Regions’ Stablecoin Regulatory Policies

2.4.1 Singapore’s Stablecoin Regulatory Policy

The Monetary Authority of Singapore (MAS) released the Stablecoin Regulatory Framework in 2023, though it has not yet been codified into law. In 2025, MAS plans to conduct public consultations and draft amendments to formalize the framework. Until the revised legislation is implemented, Singapore relies on the existing Payment Services Act (PSA) and the Stablecoin Regulatory Framework to regulate stablecoins.

The PSA clarifies the definition of stablecoins, entry thresholds, reserve assets, and redemption mechanisms. The subsequent release of the Stablecoin Regulatory Framework extends regulation to single-currency stablecoins pegged to the Singapore dollar or G10 currencies issued in Singapore, adding new regulatory requirements for stablecoin issuance services, further safeguarding the rights of stablecoin holders and mitigating financial risks.

Under the Stablecoin Regulatory Framework, stablecoin issuers must comply with the following regulatory requirements:

1. 1. Reserve Asset Requirements
2. l Composition: Cash/equivalents, low-risk bonds with remaining maturities ≤ 3 months (issued by governments, central banks, or AA- rated international institutions), ensuring asset value stability;
3. l Valuation: Marked-to-market daily, with value ≥ 100% of circulating SCS face value, preventing redemption risks due to insufficient reserves;
4. l Custody: Isolated accounts must be held at custodians rated A- or higher, preventing misuse of reserve assets;
5. l Auditing: Monthly independent audit + annual audit, enhancing transparency and reducing market trust risks.
6. 2. Capital Requirements
7. l Base Capital: ≥ SGD 1 million or 50% of annual operating expenses (whichever is higher), ensuring the issuer has sufficient financial strength to withstand operational risks;
8. l Solvency: Liquid assets ≥ 50% of annual operating expenses or amount needed for liquidation (verified annually by independent auditors), ensuring orderly redemption even in extreme circumstances.
9. 3. Anti-Money Laundering Requirements
10. l Stablecoin issuers and intermediaries must strictly comply with AML/CFT regulations, including Customer Due Diligence (CDD), transaction monitoring, and reporting large and suspicious transactions.

Notably, Singapore’s Stablecoin Regulatory Framework exhibits a “voluntary” characteristic: stablecoin issuers can choose whether to apply to MAS for certification and become a “MAS-regulated stablecoin,” and those choosing not to follow this path can continue operating as “digital payment tokens” under the PSA framework. The upcoming amendment bill may still adhere to the previous voluntary nature of stablecoin regulation, providing flexibility for different stablecoin issuers.

2.4.2 Japan’s Stablecoin Regulatory Policy

Japan has built a stablecoin regulatory system based on “issuer limitation + reserve transparency + full-process monitoring,” emphasizing a balance between compliance and innovation. Its core logic is integrating stablecoins into the traditional financial regulatory framework, reducing money laundering risks through KYC, travel rules, and asset segregation, while planning to enhance the competitiveness of its stablecoins through flexible reserve investment (e.g., allowing up to 50% in government bonds).

According to the revised provisions effective June 2023, fiat-pegged stablecoins are classified as “Electronic Payment Instruments” (EPIs) and must comply with strict AML and CFT obligations. This institutional design aims to balance compliance, financial stability, and innovative development.

1. Core AML Requirements

• l Customer Identity Verification (KYC) and Transaction Record Keeping: Stablecoin issuers and intermediaries (e.g., exchanges) must verify user identities, including name, address, and identification documents, and record information on both parties involved in transactions. For example, stablecoins issued by fund transfer service providers have a per-transaction limit of 1 million JPY, and recipients must undergo KYC verification.
• l Transaction Record Keeping: Must retain user information and fund flow details for at least five years.
• l Suspicious Transaction Reporting (STR): If unusual transactions are detected, they must be reported to the Japanese Financial Intelligence Center (JAFIC), which may result in criminal liability.
• l Travel Rule: Since June 2023, stablecoin transfers across borders or between platforms must include sender and recipient identity information to prevent anonymous fund movement.

2. Regulatory Oversight of Intermediaries and Business Categories

Entities engaged in stablecoin trading, conversion, or custody must register with the Financial Services Agency (FSA) as an EPISP and meet capital adequacy and system security requirements. For example, exchanges supporting stablecoin trading must regularly undergo reviews by the Japanese Virtual Asset Trading Association (JVCEA).

3. User Asset Protection and Bankruptcy Response

• l Domestic Asset Preservation Order: In the event of issuer or exchange bankruptcy, the FSA can order user assets to be retained within Japan, preventing cross-border transfers. This mechanism was applied during the 2022 bankruptcy of FTX Japan, ensuring user assets were not affected by overseas liquidation.
• l Reserve Fund Safeguarding and Independent Audit: Issuers must fully back stablecoin issuance with demand deposits or highly liquid assets (e.g., government bonds), and must have their reserve funds verified quarterly by a third-party auditor. For instance, the first JPY-pegged stablecoin, JPYC, expected to be approved by the Japanese Financial Services Agency in autumn 2025, plans to publish reserve proofs monthly and implement Hardware Security Modules (HSMs) for private key management.
• l International Standards and Cross-Border Collaboration: As a FATF member, Japan has fully implemented the “Travel Rule” and is conducting stablecoin interoperability and cross-border compliance cooperation with South Korea, ASEAN, and the G20. This strategy strengthens AML/CFT international consistency and promotes the compliant application of Japanese stablecoins in the global market.

2.4.3 South Korea’s Stablecoin Regulatory Policy

1. Legislative Implementation and Background

The Virtual Asset User Protection Act (VAUPA) was announced on July 18, 2023, and came into effect on July 19, 2024, marking the first dedicated legislation in South Korea to regulate digital asset platforms. The draft Digital Asset Basic Act, proposed on June 10, 2025, aims to further expand the regulatory scope, including clarifying the stablecoin issuance framework and regulatory standards. This reform stems from the market trust crisis triggered by the Terra-Luna collapse in 2022, with the legislative intent to strengthen compliance foundations and risk control systems.

2. Regulatory Authorities and Compliance Requirements

The Korea Financial Intelligence Unit (KoFIU), also known as the Financial Intelligence Agency, is responsible for overseeing the registration of digital asset service providers and conducting AML/CFT compliance reviews;

The Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) oversee market operations, protect user rights, and enforce on-site regulatory actions.

3. AML/CFT Regulatory Compliance Measures

South Korea enforces highly detailed AML/CFT regulations on digital asset service providers. All such providers must register with KoFII prior to commencing operations, obtain ISMS (Information Security Management System) certification, and open accounts with financial institutions that support real-name banking. Failure to complete these requirements may result in KoFIU rejecting the registration application; no digital asset business activities are permitted before registration is finalized. Customer Identification (KYC) and Customer Due Diligence (CDD) are fundamental prerequisites. Digital asset service providers must verify user identities before account opening or when transaction volumes reach 1 million KRW (approximately $700 USD), and must enhance due diligence for high-risk users. The Travel Rule has been enforced since March 25, 2022, requiring digital asset service providers to provide sender and receiver names and wallet addresses when transferring funds ≥1 million KRW to another digital asset service provider. In cases where required by the registration authority or official request, identity documentation—including identification numbers—must be submitted within three working days. Records must be retained for five years; violations may incur fines up to 30 million KRW. Suspicious Transaction Reports (STRs) and transaction monitoring systems are mandatory. Providers must report any suspicious transactions to KoFIU or FSS upon detection.

4. User Asset Protection Mechanisms

Asset Segregation Requirement: Digital asset service providers must maintain user assets separately from platform-owned assets to prevent user losses in case of platform insolvency.

Bankruptcy Trust and Preservation Mechanism: In the event of a digital asset service provider’s bankruptcy, the FSC/FSS may issue an asset retention order to ensure user assets remain in South Korea, protecting them from foreign liquidation proceedings.

Reserve Transparency and Auditing: Stablecoin issuers must maintain full collateralization of issued stablecoins by underlying assets, conduct regular audits, and enhance transparency in disclosing reserve holdings.

5. Strategic Trends and International Cooperation

In July 2025, the Bank of Korea established a dedicated "Digital Assets Task Force" to strengthen policy responsiveness, monitor international developments in stablecoin regulation (e.g., the U.S. GENIUS Act), and prepare for future legal institutionalization.

Media reports indicate the government plans to submit a “second phase” VAUPA tax bill in October 2025, covering stablecoin issuance, secure custody, and internal control mechanisms, further refining the regulatory framework.

2.4.4 UAE Stablecoin Regulatory Policy

The UAE divides token regulation among the Dubai Virtual Assets Regulatory Authority (VARA), the Abu Dhabi Financial Services Regulatory Authority (FSRA), and the Securities and Commodities Authority (SCA). In 2024, the Central Bank of the UAE introduced the Payment Token Services Regulations (PTSR), formally bringing stablecoins under regulatory oversight.

Stablecoin Definition: The UAE Central Bank explicitly classifies stablecoins as "payment tokens." A payment token is a digital asset whose value is maintained through pegging to fiat currency or another payment token denominated in the same fiat currency.

Stablecoin Issuance: Includes Dirham-pegged and foreign-currency-pegged stablecoins. Entities issuing Dirham-pegged stablecoins must obtain a payment token issuance license from the UAE Central Bank. Key conditions include being registered under Federal Law No. 2 of 2015 on Commercial Companies in the UAE; ensuring stablecoin issuance is fully backed by independent reserve assets; and undergoing independent audits and financial disclosures. Foreign entities issuing stablecoins pegged to non-dirham currencies must register with the UAE Central Bank as foreign payment token issuers. Additionally, foreign-currency stablecoins are restricted to digital asset transactions only and cannot be used for goods/services or domestic payments within the UAE.

Stablecoin Custody and Transfer: Must be licensed by SCA or any local licensing authority as a digital asset service provider. Individuals providing custody services for digital assets may apply for a non-objection registration to execute stablecoin custody and transfer. Any other party seeking to perform payment token custody and transfer must obtain a license from the central bank.

Stablecoin service providers holding licenses must meet the following requirements when engaging in stablecoin custody/transfer or stablecoin exchange services:

If the monthly average value of stablecoin transfers initiated, facilitated, executed, guided, or received as part of their stablecoin services reaches or exceeds 10 million AED, they must hold at least 3 million AED in regulatory capital;

If the monthly average value of payment token transfers falls below 10 million AED, they must hold at least 1.5 million AED in regulatory capital.

Additionally, the Payment Token Services Regulations apply to natural or legal persons offering "payment token services" in the UAE but do not cover financial free zones such as DIFC and ADGM. Currently, the Dubai Financial Services Authority (DFSA) has approved the use of USDC, EURC, and RLUSD in the DIFC region.

2.5 Chapter Summary

Overall, this chapter systematically compares the stablecoin regulatory frameworks of Hong Kong and the United States, while reviewing policies across other jurisdictions (such as Singapore, Japan, South Korea, and the UAE), revealing current trends in international stablecoin regulation regarding differences and convergence in philosophy, objectives, and institutional design.

First, in terms of regulatory philosophy and strategic goals, Hong Kong primarily prioritizes financial stability and systemic risk mitigation, emphasizing licensing regimes, reserve transparency, and end-to-end AML/CFT controls—reflecting a "risk-first" cautious model. The U.S., meanwhile, applies BSA horizontally and recently attempts to establish a federal-level stablecoin regulatory framework via the GENIUS Act, aiming to safeguard the dollar's core role in global payment systems and gradually strengthen prudential requirements on issuers. Singapore's approach balances innovation encouragement with risk control; Japan’s regulation follows traditional financial licensing logic, with banks and trust institutions as primary issuers; South Korea emphasizes investor protection and holds exchanges and issuers accountable for compliance; the UAE adopts a "regulatory sandbox + segmented regulation" model, showcasing strong institutional flexibility and a preference for attracting foreign investment.

Second, in regulatory tools and institutional arrangements, Hong Kong provides clearer definitions of stablecoins, mandating pegging to fiat currency and imposing strict rules on reserve asset custody, consumer redemption guarantees, and cross-border cooperation. The U.S. focuses more on functional orientation, particularly in AML/CFT (e.g., Travel Rule, SAR/CTR reporting) and consumer protection, forming a multi-layered, multi-agency regulatory policy. Other countries like Singapore, Japan, and South Korea have also incorporated AML/CFT obligations and investor protection measures into their regulatory frameworks, though each varies in emphasis and openness.

Based on the above analysis, current stablecoin regulatory approaches across jurisdictions mainly fall into three types: First, those exemplified by Hong Kong and Japan emphasize ex-ante regulation and financial stability; second, represented by the U.S., focus on function-based regulation, seeking balance between compliance and market development; third, led by Singapore and the UAE, adopt flexible regulatory models, promoting innovation through pilot projects and regulatory sandboxes. As stablecoins increasingly embed into cross-border payments and financial market infrastructure, future convergence in AML/CFT cooperation, reserve transparency, and cross-border recognition mechanisms among different jurisdictions appears likely.

Chapter Three: Financial Security Risks Facing Stablecoins

3.1 Risk Characteristics of Stablecoins

1. 1. Anonymity and Tracing Challenges

Due to their anonymity, rapid cross-border transaction capabilities, and complex regulatory environments, stablecoins are increasingly exploited by criminals across various scenarios, posing new challenges to financial order and social security. Their risk characteristics are primarily manifested in the following aspects:

Criminals leverage the anonymous addresses and intricate transaction behaviors of stablecoins to increase tracing difficulty. By splitting transactions, using mixing techniques (e.g., Tornado Cash), and transferring funds via cross-chain bridges, they create complex fund flow paths, making it difficult for regulators to trace the origin and destination of funds. This technical feature provides natural cover for illicit activities such as money laundering and terrorist financing.

• 2. Inherent Risks of Algorithmic Stablecoins

Algorithmic stablecoins maintain price stability through smart contract mechanisms dynamically adjusting supply and demand (minting/burning). However, under extreme market pressure, this mechanism may fail, leading to severe price volatility or even de-pegging, triggering systemic market and social risks. For example, the “UST collapse event”: Terra’s algorithmic stablecoin TerraUSD (UST), which was pegged 1:1 to the U.S. dollar, lost its peg due to market panic and massive withdrawals. UST’s price plummeted from $1 to $0.05 within hours, causing the LUNA token’s value to crash, resulting in over $50 billion in market cap destruction. This event exposed the structural vulnerabilities of algorithmic stablecoins, prompting global regulators to intensify oversight.

• 3. Smart Contract Vulnerabilities

If smart contract code contains flaws or malicious backdoors, it can lead to theft or unauthorized manipulation of funds. Common vulnerabilities include inadequate input validation, calculation errors, and missing access controls.

• 4. Functional Deficiencies in Smart Contracts

Some stablecoin projects lack essential control features in their design, such as freezing functions or transaction limits, preventing timely intervention when suspicious activity is detected.

• 5. Abuse of Privacy-Enhancing Technologies

Privacy-enhancing technologies like zero-knowledge proofs (ZKP) improve transaction confidentiality but may also be used to fully anonymize transaction details, increasing tracing difficulty. Criminals exploit such technologies to conceal transaction pathways, creating a "technical black box" that prevents regulators from obtaining actionable intelligence, resulting in compliance blind spots.

• 6. Regulatory Arbitrage and Cross-Border Regulatory Risks

Stablecoin issuers often choose to register in jurisdictions with lax regulations, designing structures to evade scrutiny and reduce operational costs. This regulatory arbitrage can render domestic supervision ineffective, creating transnational regulatory vacuums and posing significant challenges to international anti-money laundering (AML) and counter-terrorist financing (CTF) cooperation.

• 7. Classification of Risk Activities

From the perspective of social harm caused by stablecoin-related incidents, risk activities include:

Illegal Activities: Such as terrorist financing, human trafficking, drug trafficking, ransomware attacks, fraud, identity theft, and impersonation scams.

Suspicious Activities: Including darknet markets, unlicensed gambling, and the use of mixers.

3.2 Illegal Activity Risks

3.2.1 Terrorist Financing

On April 3, 2025, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) announced the addition of eight Tron wallet addresses linked to Yemen’s Houthi movement to the Specially Designated Nationals (SDN) list, accusing them of using Tether (USDT) for illicit financial activities.

According to Treasury disclosures, this illicit financial network was orchestrated by Sa’id al-Jamal, a senior financial officer of the Houthi movement based in Iran, who has been designated a Global Specially Designated Terrorist since 2021. His network is involved in procuring Russian weapons, stolen Ukrainian grain, and other sensitive goods, shipping them to Houthi-controlled areas.

On June 15, 2025, Tether, the issuer of USDT, froze 12.3 million USDT directly targeting Houthi-linked wallet addresses.

The Houthi case demonstrates that digital assets have become a key tool for terrorist financing and arms trading. Their anonymity, fast settlement, and cross-chain characteristics provide loopholes for criminals to evade sanctions.

Figure 3-1 Diagram of Terrorist Financing Fund Flow

3.2.2 Human Trafficking and Drug Trafficking

Early in 2025, we provided partial information, data, and analysis support for a report by the United Nations Office on Drugs and Crime (UNODC) titled “Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia.” The report indicates that transnational organized crime in Southeast Asia is growing faster than ever in history.

This is first evident in synthetic drug production data: over the past decade, methamphetamine supply from Myanmar’s Shan State has risen annually to record highs. Meanwhile, industrial-scale networks of fraud and scams driven by interconnected webs of complex multinational syndicates, money launderers, human traffickers, data brokers, and an increasing number of other professional service providers and accomplices have surged.

Asian criminal groups have become authoritative leaders in global online fraud, money laundering, and underground banking, actively strengthening collaboration with other major criminal networks worldwide. The emergence of new illicit online markets in Southeast Asia has further exacerbated the situation, greatly expanding sources of criminal income and enabling transnational organized crime to scale up. These platforms not only create new opportunities for criminal operations abroad but are increasingly used by criminal groups outside Southeast Asia to launder money and circumvent formal financial systems. These network fraud and other cybercrimes are closely linked to forced human trafficking. Meanwhile, major criminal groups collude with one another, infiltrating casinos, special economic zones, commercial parks, and various traditional financial and digital financial services—establishments proven capable of providing all necessary conditions, infrastructure, and regulatory, legal, and fiscal safeguards for sustained growth and expansion.

Under this context, many criminal organizations already operating at substantial scale within Southeast Asia and continuing to expand globally have rapidly diversified into multiple critical infrastructure sectors. This goes far beyond building and managing physical scam centers; their operations now include online gambling platforms and software services, illegal payment platforms and digital asset exchanges, encrypted communication platforms, stablecoins, blockchain networks, and illicit online marketplaces—all typically controlled by the same criminal network. These organizations have also developed large multilingual workforces comprising hundreds of thousands of victims of human trafficking and accomplices.

These developments have rapidly expanded the victim base of Asian criminal groups to a global scale, intensifying the challenges faced by law enforcement agencies.

Figure 3-2 Map of Scam Hubs and Human Trafficking in the Mekong River Basin from the Report

Figure 3-3 Distribution of Victims’ Origins in the Report on Human Trafficking

Report Access Link: “Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia”

https://www.unodc.org/roseap/uploads/documents/Publications/2025/Inflection_Point_2025.pdf

3.2.3 Ransomware Attacks

Attackers encrypt victims’ device data and demand ransom payments in BTC or other digital assets to restore access. Due to their anonymity, cross-border payment convenience, and irreversible transactions, stablecoins are frequently used by ransom gangs for money laundering after receiving ransoms.

Risk Case: On March 7, 2025, the U.S. Department of Justice (DOJ) joined forces with German and Finnish authorities to seize Russia-based digital asset exchange Garantex, which had been investigated multiple times for allegedly helping ransomware gangs launder money. It is reportedly deeply connected to the global cybercrime economy, with previously destroyed ransomware groups like Conti relying on Garantex for money laundering. The exchange helped ransomware operators clean stolen digital assets by converting Bitcoin into USDT and then transferring it to other exchanges for conversion into USD and other fiat currencies.

3.2.4 Fraud and Identity Theft

Identity theft and fraud are among the most serious cybercrimes, potentially causing long-term, devastating, and irreparable consequences for affected individuals, groups, and companies. In recent years, stablecoins—due to their broad consensus and rapid transaction speed—are increasingly appearing in related scenarios such as hacking tool sales, illegal rental of personal accounts, illegal trade of personal information, fraudulent victim payments, and extortion payments.

Risk Case:

1. Fraudulent Activities Using Stablecoins as a Hook: With the implementation of Hong Kong’s Stablecoin Ordinance, the concept of "stablecoin" has gained significant attention. However, during market euphoria, illegal activities exploiting the "stablecoin" narrative have already begun emerging.

For example, since July 2025, financial regulators and industry self-regulatory bodies in Zhejiang, Shenzhen, Beijing, Suzhou, Chongqing, Ningxia, Henan, and other regions have repeatedly issued risk warnings, emphasizing that "stablecoins" are being misused by criminals, highlighting the need for heightened vigilance. Hong Kong regulators have also issued repeated warnings urging the public to beware of scams exploiting the stablecoin concept. Furthermore, authoritative media outlets such as Economic Daily have concentrated coverage on the risks associated with stablecoins.

Recently, numerous scams have emerged under the banner of "JD Stablecoin," claiming "state-owned background," "guaranteed profits," and "endorsed by Dong Ge." Some even posted "profit screenshots" to urge quick participation. JD’s official team has issued two statements clarifying that the so-called "JD Stablecoin" has not yet been launched, and all related investment information circulating online is fraudulent.

Figure 3-4 Fake JD Stablecoin

2. Fraudulent Activities Using Stablecoins as a Channel: On June 26, 2025, the “Xinkangjia” investment platform, purportedly backed by the “Dubai Gold Exchange (DGCX)” and promising a daily return of 1%, collapsed suddenly. The platform had offices across China (Guizhou, Suzhou, Chongqing, Sichuan, Xiangtan, Shenzhen), with involved amounts reaching hundreds of billions and affecting approximately 2 million investors.

DGCX Xinkangjia used USDT for project participation and fund settlement. Registration required an invitation code and spread almost exclusively through personal networks. Participants had to pay a minimum of 1,000 USDT as an entry fee, requiring them to purchase USDT themselves for top-up. However, due to operational complexity, most newcomers directly exchanged their USDT for RMB and transferred the funds to their superiors. The USDT deposited by users entered the platform-controlled private wallets directly.

3. Personal Identity Information Theft: In March 2025, the incident of a 13-year-old girl participating in “doxxing” against a pregnant woman quickly became a viral internet topic, thrusting the term “doxxing” into the spotlight and exposing a corner of the gray market for citizen data leaks. On Telegram, accounts offering doxxing services listed over 50 types of user privacy information, including ID documents, household registration, marriage records, travel history, food delivery addresses, and asset transaction records. Users could obtain this data by topping up sufficient amounts.

From the perspective of personal data leakage pathways, identity theft has formed a gray industry chain. Within this chain, there are specialized groups and individuals collecting and leaking personal information, intermediaries purchasing data from leak sources, buyers and sellers sharing and disseminating various personal information databases, and individuals and groups buying personal data from intermediaries to commit crimes. Their transaction payment channels include WeChat, Alipay, and USDT and other digital assets. Querying information such as a person’s phone number, address, and academic credentials via “doxxing” ranges from “a few dozen USDT” to “several hundred USDT” per item.

According to Beosin’s Alert platform monitoring, there are currently at least hundreds of Telegram groups involving personal data trading, with most payments conducted via USDT. These groups handle financial data (loans, insurance), hacked government or corporate data, and personal privacy data related to doxxing.

3.2.5 Impersonation Scams

Criminals frequently conduct phishing attacks by impersonating websites or apps of digital asset financial institutions, causing users to suffer losses due to their inability to distinguish authenticity.

Risk Case:

Hubei Ezhou “OURBIT” Platform Scam Case: A scam gang established the “OURBIT Digital Asset Trading Platform” (Oubit Platform), falsely advertising “registered in Singapore” and “holding financial licenses from the UK and US,” promoting features like “new stop-loss and take-profit,” “first-ever zero slippage trading,” and fabricating K-line charts based on Bitcoin market prices. They created fictitious trading scenarios for nine digital assets, giving a professional and compliant appearance to attract investors. The platform used USDT for deposits and withdrawals, with involved amounts totaling 460 million RMB.

Wenzhou, Zhejiang Impersonated Digital Wallet Scam Case: Mr. Zhuo was lured by “Lulu,” who pretended to be a digital asset wallet promoter, to scan a QR code and download a malicious high-fidelity replica digital asset wallet app. The app stole his wallet mnemonic seed via backdoor programs, directly stealing all his digital assets, including USDT and other stablecoins.

3.3 Suspicious Activity Risks

3.3.1 Darknet Markets

Due to their anonymity, convenience, and global liquidity, stablecoins have become a common currency for darknet transactions. On darknets, buyers and sellers can make anonymous payments via USDT, bypassing traditional financial institution oversight. This makes USDT widely used in darknet trading, facilitating the development of darknet markets. Some darknet platforms have already accepted stablecoins as a payment method for illegal goods (e.g., user data, drugs).

Figure 3-5 A Darknet Platform

3.3.2 Guarantee Platforms

Black and gray industries in Southeast Asia have formed a new criminal infrastructure centered around stablecoins like USDT. Criminal syndicates use stablecoins and Telegram groups—decentralized channels—to provide instant settlement services for online fraud and cross-border gambling, even establishing closed-loop ecosystems of fund pools, guarantees, and conversions. Guarantee platforms, as emerging money laundering channels, have seen rapid growth in recent years, with both user base and capital scale experiencing exponential increases. Data shows that from 2021 to 2025, total bets placed on various guarantee platforms exceeded 4.6 million users, with betting volume surpassing 10.9 billion USDT (approximately 7.94 billion RMB). In 2025 (as of April 25), bettors on guarantee platforms exceeded 110,000, with betting volume exceeding 2.7 billion USDT (approximately 1.96 billion RMB).

Table 3-1 Overview of Selected Guarantee Platforms

Platform Name	First Half of 2025 Betting Volume	Public Group User Count	Status
Huiwang Guarantee	1.946 billion USDT	290,000	Established in 2021, a Telegram-based online guarantee platform and the largest market serving network black and gray industries on Telegram. Later renamed “Haowang Guarantee.”
Xinbi Guarantee	1.53 billion USDT	150,000	Second-largest Telegram guarantee platform. Previously briefly banned due to Huiwang’s impact but has since been fully unbanned and resumed normal operations with increased user count.
Tudou Guarantee	93 million USDT	140,000	After Huiwang’s collapse, the platform announced redirecting merchants and users to Tudou Guarantee. User count and on-chain transaction funds have significantly increased. Tudou Guarantee previously claimed Huiwang’s investment on its website, now removed.
Binance Guarantee	94.5 million USDT	90,000	Founded in 2023, stabilized through industry integration and mergers, now gradually becoming the third-largest guarantee platform on Telegram.
Shengfeng Guarantee	160.6 million USDT	11,000	Shengfeng Guarantee began in 2020 handling white cash acceptance and large cash transactions nationwide. Launched its guarantee department in December 2023, primarily providing guarantees for acceptance and channel services.

1. Introduction to the Huiwang Guarantee Case

Huiwang Guarantee (Huione Group) was founded in 2021 as a Telegram-based online guarantee platform and the most well-known, largest market on Telegram serving network black and gray industries. It later rebranded as “Haowang Guarantee” (Haowang Guarantee).

Haowang Guarantee publicly claims to be merely a matching guarantee platform, but in reality, it has long assisted transnational criminal activities such as money laundering and fraud in Southeast Asia. Its merchants openly sell scam technology tools, human trafficking-related tools, citizen privacy data, and USDT-based money laundering services, with transaction totals reaching at least $27 billion.

By the end of April 2025, Beosin identified over 290,000 users on Haowang Guarantee, with more than 6,000 service providers. There were 12 major business categories covering over 70 subcategories, with accumulated on-chain address tags exceeding 500,000.

2. Crackdown on Huiwang and Other Guarantee Platforms

On July 13, 2024, Tether, the issuer of USDT, announced freezing approximately 29.62 million USDT assets in addresses associated with Huiwang Platform, accusing it of laundering proceeds from hacker attacks on DMM Exchange, Poloniex, and similar institutions.

Early 2025, Apple and Google removed apps developed by the Huiwang Group;

January 2025, Cambodia’s National Bank revoked Huiwang Pay’s operating license, marking its illegality locally;

May 1, 2025, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) designated Huiwang Group as a “primary money laundering concern foreign financial institution,” planning to list it under the “Significant Money Laundering Concern” category under Section 311;

May 13, 2025, thousands of channels, merchant accounts, and groups related to Haowang Guarantee and Xinbi Guarantee were massively banned on Telegram, followed by Haowang Guarantee’s announcement of ceasing operations.

According to Beosin’s Alert platform monitoring, after Haowang and other guarantee platforms ceased operations, a large number of digital asset black and gray industry actors swiftly migrated to other guarantee platform groups to continue operations. Since 2024, a batch of secondary guarantee platforms such as Xinbi Guarantee, Tudou Guarantee, and Shengfeng Guarantee have emerged, offering more differentiated guarantee transaction group services. Notably, over a hundred short-lived small and medium-sized guarantee platforms have also emerged, providing transaction guarantees for more socially harmful illegal activities such as drug trafficking, human trafficking, smuggling, and illegal border crossing.

3.3.3 Typical Money Laundering Cases

Take the prevalent “cash/gold/physical goods + returning USDT” type of money laundering crime in mainland China as an example. In previous telecom network fraud cases, victims’ money was generally transferred to fraudsters via bank cards or third-party payment methods. With intensified crackdowns by Chinese public security organs on telecom network fraud, fraudsters face increasing difficulty transferring illicit funds through traditional means, thus reverting to the most primitive method—door-to-door cash pickup.

After deceiving victims through scripted conversations, fraudsters often claim that “cash top-ups have high timeliness and strong transaction security” or “online top-up channels are temporarily under maintenance” to lure victims into handing cash directly to “U merchants” who come to their door. In reality, these so-called “U merchants” are usually carefully arranged “carriers” by the fraud ring, whose core function is to quickly collect cash offline and enable efficient transfer of illicit funds.

Specifically, criminals recruit “door-to-door cash collection teams” via Telegram’s guarantee groups, then lure victims into handing cash to “crypto merchants” (actually cash carriers). Team leaders direct carriers to collect cash from victims at agreed times. After collection, funds are immediately converted into USDT and transferred to upstream criminal groups’ designated on-chain addresses, forming a complete criminal chain: overseas fraud → domestic cash pickup → digital asset money laundering.

Currently, the items and methods of door-to-door cash pickup are also evolving. Besides cash, the items subject to pickup have upgraded to gold, jewelry, luxury goods, electronic products, etc., diversifying the targets and making detection harder. Beyond direct door-to-door transactions, fraudsters may arrange meetings at hidden or remote locations with victims, or even use express delivery, ride-hailing, flash delivery, and other methods to transfer illicit funds, making the operation more covert and increasing the difficulty of investigation and prosecution.

Risk Case:

On August 19, 2025, the Maldives Police Force issued a public alert warning citizens about a new scam technique emerging in the country. Typically, this scam is carried out by unknown third-party intermediaries. Scammers contact both USDT sellers and Chinese citizens holding cash, arranging offline transactions between them. The Chinese citizen pays in cash on the spot, while the seller transfers USDT to a wallet address provided by the scammer. After the transaction, the scammer disappears, leaving both parties without proper compensation, with funds seized by the intermediary, causing mutual misunderstandings and difficulty in accountability. This scam specifically targets foreigners, especially Chinese citizens.

In August 2025, the Nanshan County Public Security Bureau in Sichuan Province successfully dismantled a gang impersonating U merchants for money laundering. On August 5, resident Jing XX reported being defrauded of 80,000 RMB through digital asset investment, with the perpetrator withdrawing cash twice outside a tea house in the jurisdiction. After investigation by a task force, the suspect vehicle and individuals were identified. It was found that they fled to Nanchong, Suining, Chengdu, and other areas on August 6. That night, police arrested four suspects in Chongzhou, seizing 225,000 RMB in involved funds and two vehicles used in the crime. Investigation revealed the gang had committed similar crimes in multiple locations under the guise of U merchants. The case is under further investigation.

According to Beosin-AML monitoring data, long-term, high-frequency “money laundering fleets” exist across 34 provinces, autonomous regions, and municipalities in mainland China. The average single dispatch amount exceeds 100,000 RMB, with some high-incidence provinces recording dozens of dispatches per day. The scale and professionalism of such criminal activities have drawn high attention from public security departments, prompting active responses. According to relevant reports, regions such as Beijing-Tianjin-Hebei, Yangtze River Delta, and Pearl River Delta are continuously optimizing early-warning and prevention systems against telecom network fraud through “combating and preventing together,” effectively intercepting and cracking down on the “offline cash pickup” stage, establishing a rapid response mechanism for suspicious cash pickup leads, and thoroughly investigating and dismantling the “cash pickup carriers” and their underlying organizational chains. A preliminary full-chain governance model of “monitoring-warning-cracking” has been formed.

3.3.4 Unlicensed Online Gambling Services

Unlicensed gambling platforms utilize stablecoins for rapid, anonymous fund settlement. Online gambling platforms (especially cross-border illegal ones) are heavy users of stablecoins. These platforms typically do not accept direct fiat currency deposits (to avoid bank supervision) but require users to convert fiat into stablecoins before transferring to designated platform addresses. Betting settlements and withdrawals are completed using stablecoins. By evading traditional financial regulation, the cross-border nature of stablecoins makes them the preferred payment method for such platforms. Once stablecoins enter the gambling platform’s fund pool, they may mix with funds from fraud, extortion, and theft, further polluting and spreading through user withdrawals, posing serious threats to financial regulation and crime fighting.

A large number of online gambling platforms serving Chinese citizens allow gamblers to use stablecoins for deposits and withdrawals. According to monitoring by Beosin’s Alert platform, the total transaction volume of online gambling platforms exceeded $38 billion in 2024, with stablecoins accounting for a significant proportion.

1. Common Types of Stablecoin-Related Online Gambling

Traditional Online Gambling with Digital Asset Deposits/Withdrawals: In this type of online gambling, platforms usually offer multiple deposit/withdrawal methods, such as bank cards, third-party payment platforms, fourth-party payment platforms, and USDT stablecoins. Gamblers can choose to deposit/withdraw directly via USDT.

New Blockchain Hash Gambling: Blockchain hash gambling is currently one of the most popular forms of gambling involving digital assets. When digital assets are transferred, a unique blockchain hash value is generated. This type of gambling uses the last digits of the block hash value—its size, odd/even status, sum of digits, or combinations of digits and letters—as the basis for determining wins or losses. The platform uses smart contracts to determine the gambler’s outcome instantly and return rewards, allowing fast in-and-out transactions. Users do not need to register accounts, and the casino’s fund pool is visible in real time.

2. Reported Risk Cases Involving Stablecoins in Online Gambling

400 Million USDT Online Gambling Money Laundering Case: According to law enforcement charges, a programmer residing overseas for a long time helped multiple gambling platforms settle betting funds totaling over 400 million USDT in the past two years, equivalent to approximately 2.7 billion RMB. The individual illegally profited by over 900,000 USDT, worth about 6 million RMB. The programmer is accused of providing digital asset payment settlement services for multiple overseas gambling websites, suspected of violating the crime of operating a gambling den.

3.3.5 Misuse of Mixers and Cross-chain/Exchange Platforms

Stablecoins have long served as the primary circulating asset within financial tools such as mixers, cross-chain bridges, exchange pools, and privacy wallets, allowing holders to mitigate transaction value volatility risks due to their stability. However, these financial tools are frequently maliciously exploited by criminals to sever transaction trails, obscure fund origins and destinations, and render blockchain transaction records untraceable. Their main use cases include money laundering for cybercrime proceeds and circumventing sanctions for fund flows.

Cybercrime Proceeds Money Laundering: Hackers, robbers, and cyberattack groups process illicit funds through mixers in multiple layers before exchanging them into stablecoins for staged disposal. Leveraging the widespread acceptance of stablecoins, they quickly convert them into fiat currency or other assets.

Circumvention of Sanctions: Entities or individuals under international sanctions use mixers or privacy wallets to process funds, bypassing traditional financial system sanctions, enabling cross-border fund movement.

Table 3-2 Overview of Typical Mixers and Cross-chain Exchange Platforms

Platform Name	Stablecoin Trading Volume (H1 2025)	Total Trading Volume (H1 2025)	Status
Tornado Cash Mixer Platform	10 million USD	1.437 billion USD	Tornado Cash is a decentralized, non-custodial privacy solution. It enhances transaction privacy by breaking the on-chain link between source and destination addresses. Deployed on ETH, BSC, Polygon, Optimism, Arbitrum, Gnosis, Avalanche, and other public chains.
THORChain Cross-chain Bridge	1.7 billion USD	12.827 billion USD	THORChain is a decentralized cross-chain exchange (DEX) allowing users to directly swap digital assets between different blockchains (e.g., Bitcoin, Ethereum, Litecoin, BSC, Tron).
LI.FI Cross-chain Bridge	10.6 billion USD	15.263 billion USD	LI.FI is a cross-chain aggregator. It is not a bridge itself but finds the optimal route for transferring assets between different chains (best price, fastest speed). It intelligently routes through multiple different cross-chain bridges and DEXs.
Across Cross-chain Bridge	2.79 billion USD	6.88 billion USD	Across Protocol is an emerging cross-chain bridge built on UMA’s Optimistic Oracle. It combines Optimism oracle, relayers, and one-sided liquidity pools to provide decentralized instant transactions between chains. Currently supports Ethereum, Arbitrum, Optimism, and Polygon networks.
Uniswap Exchange Platform	240 billion USD	790 billion USD	Uniswap is the largest and most influential decentralized exchange (DEX) on the Ethereum blockchain. It allows users to trade various Ethereum-based tokens (ERC-20 standard) directly from their digital asset wallets without permission or registration, without going through centralized intermediaries like Coinbase or Binance. Core features include non-custodial, permissionless & no KYC, automated market maker (AMM) model, and free listing.
PancakeSwap Exchange Platform	75 billion USD	735 billion USD	PancakeSwap is the largest decentralized exchange (DEX) and automated market maker (AMM) on the Binance Smart Chain (BNB Smart Chain, BSC). Users interact via non-custodial wallets (e.g., MetaMask, Trust Wallet), fully controlling their funds without registration or KYC. Core features include BSC-based, extremely low fees, AMM model, non-custodial & permissionless, free listing. Over 25 million active user addresses in H1 2025.

1. Case of Tornado Cash Being Exploited for Money Laundering

Ronin Bridge Hack Incident: In March 2022, attackers linked to the North Korean Lazarus Group exploited a vulnerability in Axie Infinity’s Ronin Bridge, stealing 173,600 ETH and 25.5 million USDC, valued at $625 million at the time. Subsequently, the U.S. Department of Treasury’s OFAC sanctions report explicitly stated that hackers used Tornado Cash to launder part of the stolen funds. They mixed the stolen ETH via Tornado Cash before transferring it to other addresses for conversion or relocation, laundering over $455 million in digital assets stolen from the Ronin Bridge.

Xinkangjia Investment Fraud Case: The project used stablecoins for deposits and withdrawals, rapidly transferring funds across borders upon fleeing, involving approximately 13 billion RMB and affecting around 2 million investors. In just 48 hours before collapse, the project leveraged a mixer (Tornado Cash) to quickly transfer approximately 1.8 billion USDT to overseas destinations.

    2. Cases of THORChain and LI.FI Being Exploited for Money Laundering

Bybit Hack Incident: On the evening of February 21, 2025, the cold wallet holding ETH on the digital asset exchange Bybit was hacked, resulting in stolen assets valued at nearly $1.5 billion. Initially, hackers split the stolen funds and transferred them to multiple other addresses under their control. Then, they used Chainflip, ChangeNow, Thorchain, LI.FI, DLN, and other exchange and cross-chain operations to convert USDT and ETH into BTC, further transferring and concealing the fund flow. Among these, Thorchain and MayaSwap became primary channels for moving Bybit’s stolen funds. Finally, hackers used mixers to further obscure the fund trail, laundering the stolen BTC.

Figure 3-6 Hacker Funds Flow Analysis

3. Cases of Exchange Platforms Being Exploited for Money Laundering

On October 16, 2024, Radiant Capital suffered a security breach, resulting in losses of approximately $50 million. Hackers used mixers and cross-chain bridges to cut off the trail of funds, and recently sold 2,496 ETH at $4,741 per ETH, raising approximately $11.83 million in DAI.

3.4 Chapter Summary

Global law enforcement agencies have established a multi-tiered response system to risks associated with stablecoins, forming a comprehensive regulatory network through technological tracking (e.g., blockchain analytics tools), judicial cooperation (e.g., cross-border asset freezes), and policy frameworks (e.g., Hong Kong’s Stablecoin Ordinance).

As of August 24, 2025, monitoring by Beosin’s Alert platform shows that the total circulating supply of USDT is approximately 16.71 billion, with over 2.505 billion USDT frozen on Ethereum, TRON, Arbitrum, and Avalanche chains—representing 1.49% of the total. The total circulating supply of USDC is approximately 6.75 billion, with over 108 million USDC frozen on Ethereum, TRON, POLYGON, and Arbitrum chains—accounting for 0.16%.

Although the scale of funds used in illegal activities via stablecoins has raised concerns, their share in actual transaction volume remains relatively limited. We believe that as anti-money laundering standards evolve (e.g., FATF Travel Rule implementation, mandatory smart contract freezing functionality), the risk exposure is gradually narrowing.

As the world’s first jurisdiction to establish a regulatory framework for stablecoin issuers, Hong Kong leverages a “100% collateralization + statutory audit + real-time monitoring” tripartite mechanism, combined with blockchain tracking technology provided by firms like Beosin, to form a risk control system covering the entire lifecycle of issuance, circulation, and redemption. With mature financial infrastructure and a robust cross-border cooperation network, Hong Kong has the capability to safeguard financial innovation while positioning its stablecoin projects as global compliance benchmarks.

Chapter Four: Anti-Money Laundering Technical Solutions for Hong Kong Stablecoins

4.1  Comprehensive Technical Solution for Stablecoin Regulation and Key Technology Introduction

In the Web3 ecosystem, stablecoins serve as a crucial bridge connecting traditional finance and the digital economy. Throughout their lifecycle—from issuance preparation and transaction circulation to operational monitoring and asset redemption—each stage presents security and compliance risks. This solution constructs a comprehensive security defense system covering the entire stablecoin lifecycle, focusing on three core dimensions: source prevention, dynamic monitoring, and precise governance, providing a holistic security solution for stablecoins throughout their lifecycle:

Figure 4-1 Beosin’s “One-Stop” Stablecoin Security and Compliance Technical Solution

Based on the comprehensive technical solution for stablecoin regulation, this proposal offers a stablecoin regulatory solution centered on a stablecoin smart contract whitelist, tailored to meet the regulatory requirements of Hong Kong’s “Stablecoin Ordinance” and the “Guidelines on Combatting Money Laundering and Terrorist Financing.” Key features of this solution include:

1. 1. Whitelist Achieves Closed-Loop Stablecoin Fund Flow
2. 2. KYT/KYA Enables Real-Time Risk Assessment of Stablecoin Transactions and Wallet Addresses
3. 3. Contract Operation Monitoring Provides Real-Time Oversight of Stablecoin Minting, Burning, and Freezing Operations
4. 4. Situational Analysis Enables Risk Monitoring and Asset Distribution Analysis of Stablecoin Transactions
5. 5. TransTracer Enables Tracking and Tracing of Risky Funds
6. 6. Issuers and Financial Institutions Confirm Identity Information Under the Travel Rule

Figure 4-2 Regulatory Technology Solution Based on Hong Kong’s Stablecoin Ordinance

The stablecoin regulatory technology solution involves the following key technologies:

1. KYC

KYC (“Know Your Customer”) is the core process executed by financial institutions, payment platforms, digital asset exchanges, P2P lending companies, and other entities handling funds or sensitive businesses to comply with anti-money laundering (AML), anti-terrorist financing (CFT), and other regulatory requirements. Its essence lies in collecting and verifying customer identity information (e.g., ID card, passport, address proof), understanding the source of funds and intended business use, assessing customer risk levels, confirming the authenticity of customer identities, and eliminating the possibility of identity fraud or using the platform for money laundering, fraud, terrorist financing, and other illegal activities. Ultimately, it ensures the institution’s compliance while safeguarding the safety of the financial system and business ecosystem.

2. KYT

KYT (“Know Your Transaction”) is a real-time monitoring and risk screening process implemented by financial institutions, payment platforms, digital asset exchanges, and other entities on top of KYC (“Know Your Customer”) to further prevent money laundering, terrorist financing, fraud, and other illicit financial activities. Its core is to track key transaction information in real time—such as transaction amount, frequency, fund flow direction, counterpart party identity and region, and whether the transaction pattern aligns with the customer’s historical behavior—and compare this data against risk lists related to AML and CFT (e.g., international sanction lists, high-risk country/region lists, suspicious transaction pattern libraries). If abnormal transactions are detected—such as sudden large fund transfers, frequent transactions with high-risk region accounts, or transaction patterns severely inconsistent with the customer’s background—the system immediately triggers alerts and initiates follow-up verification and reporting procedures, blocking illicit fund flows at the transaction stage and adding a real-time protective layer to the financial system.

3. KYA

In the digital asset context, KYA focuses on “Know Your Address” and extends to “digital asset address risk assessment.” Its essence is a chain-based risk screening, tracing, and rating process conducted by digital asset exchanges, wallet service providers, and on-chain compliance institutions on user-used blockchain addresses (e.g., BTC, ETH, USDT addresses). It is a core component of digital asset AML, CTF, and anti-fraud compliance systems and represents the on-chain extension of traditional KYC (Know Your Customer) identity verification—since blockchain addresses, despite their strong anonymity, have publicly traceable on-chain transaction records, and address risk is directly linked to fund legitimacy. The core evaluation logic revolves around three dimensions: on-chain address history, associated relationships, and compliance attributes. Specifically:

(1) Address Historical Transaction Risk: Trace the address’s transaction history via on-chain browsers or compliance tools to determine if there are high-risk behaviors—such as receiving/transferring “hacker proceeds” (e.g., funds flowing from known stolen wallet addresses), “darknet funds” (interacting with darknet marketplace addresses), “mixer funds” (using mixers to fragment or obscure fund sources to evade tracking), or frequently engaging in “small aggregations → large transfers” or “cross-chain rapid transfers,” typical money laundering transaction patterns.

(2) Address Associated Entity Risk: Verify whether the address is linked to “high-risk entities”—for example, whether it belongs to a sanctioned individual or organization by global regulators (e.g., FATF, OFAC), such as a blockchain address in a sanctioned country, a publicly listed illegal exchange address, a pyramid scheme/fraud fund pool address, or an address with financial links to known money laundering rings or terrorist financing networks.

(3) Address Compliance Attribute Risk: Assess the “transparency” and “compliance record” of the address—whether it is an “anonymous address” (never bound to real-name information on a compliant platform, used solely for anonymous transactions), a “dormant address” (long inactive then suddenly activated with large transactions, suspected of evading monitoring), or previously flagged by security agencies as a “risk address” due to involvement in illegal transactions.

The core purposes of such assessments are twofold: first, from a compliance standpoint, meeting regulatory requirements in various countries for the digital asset industry (e.g., FATF “Travel Rule” requires tracking on-chain fund flows to ensure traceability), avoiding regulatory penalties or license revocation for platforms handling high-risk address funds; second, from a risk prevention standpoint, protecting the platform and legitimate users’ funds—e.g., if a user’s deposit address is assessed as “high-risk,” the platform can trigger an alert, requiring the user to explain the fund source, or restrict deposit/withdrawal operations on that address, preventing illicit funds from entering the platform, or users suffering fund freezes due to accidental deposits into a stolen address.

4. Travel Rule

The Travel Rule is a key compliance framework established by the Financial Action Task Force (FATF), the global apex body for anti-money laundering and counter-terrorist financing. Its core purpose is to prevent money laundering, terrorist financing, and proliferation financing by mandating cross-institutional identity information transmission for “funds or value transfer services” (covering both traditional finance and digital assets). When the transfer amount reaches or exceeds the threshold set by FATF (typically 1,000 EUR/USD in traditional finance, referenced similarly in digital assets), the sending institution (e.g., bank, payment processor, digital asset exchange) must proactively provide the “complete identity information of both sender and recipient” (including name/institution name, account/blockchain address, residence/registration address, contact information) to the receiving institution. The receiving institution must verify the authenticity of the information, retain records properly, and cooperate in providing them upon regulatory inquiry. Its essence is breaking the “identity anonymity” in fund/value transfer to achieve full-chain traceability of fund flows, blocking illicit fund movements at the transaction level. It has now become a mandatory anti-money laundering compliance requirement for financial institutions and digital asset service providers in most countries and regions globally, driving the alignment of compliance standards between traditional and digital finance.

• 5. Stablecoin Smart Contracts

Stablecoin smart contracts are token contracts deployed on blockchains (e.g., Ethereum, Solana) that use pre-defined automated code protocols to issue and manage digital currencies pegged to fiat currency or other assets. They implement transparent issuance, redemption, and transfer functions through verifiable on-chain logic and integrate reserve proof, permission control, and compliance mechanisms (e.g., KYC/AML, freezing functionality) to ensure price stability, security, compliance, and traceability, serving as the technical cornerstone of the stablecoin system. Stablecoin smart contract function interfaces must comply with relevant standards, such as ERC-20 and ERC-3643. Stablecoin smart contracts can implement prohibited transfers and normal releases by setting blacklists and whitelists and identity authentication.

6. Blacklists and Whitelists for Stablecoin Smart Contracts

The blacklist and whitelist mechanism for stablecoin smart contracts is a core permission management module embedded within the contract. Its primary function is to precisely control and restrict on-chain transfer operations of stablecoins. In practical operations, licensed entities (e.g., compliant stablecoin issuers, regulated custodians) can rely on pre-set contract permissions to add specific addresses (e.g., addresses linked to sanctions or money laundering risks) to the blacklist. Once an address is listed on the blacklist, any stablecoin transfer request initiated by that address will be automatically blocked by the contract, preventing the transaction from being executed normally. Simultaneously, licensed entities can also add compliant addresses verified through KYC/AML (e.g., legitimate user accounts, partner financial institution addresses) to the whitelist. Only transfer operations initiated by addresses on the whitelist will be recognized and executed by the contract, thereby achieving dual-directional permission control to satisfy AML, CFT, and regulatory compliance requirements and ensure the safety of the stablecoin circulation ecosystem.

4.2 Stablecoin Whitelist and Contract Security Audits

4.2.1 Stablecoin Whitelist Architecture

Regulatory Text:Guidance on Licensed Stablecoin Issuers under the Stablecoin Ordinance

Section 6.5.3:Licensed entities should identify all operations related to the entire lifecycle of each specified stablecoin they issue, including deployment, configuration, minting, burning, upgrading, suspending, resuming, blacklisting, removing blacklisting, freezing, unfreezing, whitelisting, and any use of operational wallets. For each operation, the licensed entity should establish authorization levels commensurate with the risk level of the operation, along with the triggers and conditions required for execution.

Regulatory Text: Applicable Guidance for Licensed Stablecoin Issuers under the Guidelines on Combatting Money Laundering and Terrorist Financing

Section 5.11:Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the HKMA requires licensed entities to exercise caution when assessing whether their systems are sufficiently capable of mitigating money laundering and terrorist financing risks associated with licensed stablecoin activities (particularly peer-to-peer transfers between non-custodial wallets). Unless a licensed entity can demonstrate to the HKMA and convince it that these risk mitigation measures can effectively prevent and combat money laundering, terrorist financing, and other criminal activities, the identity of each stablecoin holder must be verified by one of the following: (i) the licensed entity (even if the holder has no client relationship with the licensed entity); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

To ensure that only wallet addresses that have undergone identity verification can hold stablecoins, stablecoin licensees may set up a whitelist within smart contracts and grant both the licensee and qualified institutions joint management authority over the contract whitelist. The typical operational workflow is as follows:

1. 1. The licensee and institution conduct KYC registration and authentication for user information and store it securely.
2. 2. The licensee and institution manage registered wallet addresses within the contract by adding them to the contract whitelist.
3. 3. The licensee and institution perform off-chain Travel Rule checks on both parties involved in the transfer to confirm transaction details.
4. 4. Conduct real-time and periodic risk assessments on whitelist addresses; if the risk level of an address changes, promptly remove it from the whitelist or place it on a blacklist.

Figure 4-3 Stablecoin Smart Contract Whitelist Solution

4.2.2 Stablecoin Smart Contract Design

Regulatory Text: Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance

Section 6.5.3: The licensee shall identify all operations related to the entire token lifecycle of each specified stablecoin issued by them,

including deployment, configuration, minting, burning, upgrading, pausing, resuming, blacklisting, removing blacklists, freezing, unfreezing, whitelisting, and any use of operational wallets.

Regulatory Text: Guidance on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)

Section 5.10: All on-chain stablecoin transactions are automatically recorded in the blockchain block where the transaction occurs, providing a certain degree of traceability to assist in identifying potential illegal activities and associated wallet addresses. Without prejudice to Section 5.11, the licensee may implement various measures to mitigate the risk of stablecoins being used for illicit activities. Examples include: (a) adopting appropriate technological solutions (e.g., blockchain analytics tools) to continuously screen stablecoin transactions and related wallet addresses beyond the initial distribution scope; (b) listing wallet addresses identified as linked to sanctions or illicit activities on a blacklist; and/or (c) swiftly freezing relevant stablecoins upon request from regulatory authorities or law enforcement agencies, or pursuant to a court order.

Section 5.11: Given that the effectiveness of the aforementioned risk mitigation measures has not yet been confirmed, the HKMA requires licensees to exercise caution when determining whether their systems are sufficient to mitigate money laundering and terrorist financing risks associated with licensed stablecoin activities (especially peer-to-peer transfers involving non-custodial wallets). Unless the licensee can demonstrate and convince the HKMA that these risk mitigation measures are effective in preventing and combating money laundering, terrorist financing, and other crimes, the identity of each stablecoin holder must be verified by one of the following: (i) the licensee (even if the holder has no client relationship with the licensee); (ii) a properly regulated financial institution or virtual asset service provider; or (iii) a reliable third party.

Section 6.36: (b) Periodically and/or upon occurrence of triggering events (e.g., when the licensee, while continuously monitoring stablecoin transfers with counterparties, or from other sources such as credible media reports of negative news, or publicly available data indicating the counterparty has previously been involved in targeted financial sanctions, money laundering, or terrorist financing investigations or regulatory actions, becomes aware of any heightened money laundering or terrorist financing risk), review the data obtained from due diligence measures taken on stablecoin counterparties under Section 6.33, and (if applicable) update the risk assessment of the stablecoin counterparties.

1. Functional Requirements for Stablecoin Smart Contracts

Based on guidance requirements, the smart contract must implement the following identity verification and operational management requirements:

• l Deployment: Deploying the smart contract code "onto the chain" to create a runnable program accessible to users. After deployment, the contract address is fixed, and the code cannot be altered arbitrarily (unless an upgrade mechanism is designed).
• l Configuration: Adjusting operational parameters within the contract's allowed range (e.g., token name, token precision, permission allocation).
• l Minting: The stablecoin issuer issues new tokens and sends them to designated addresses. After minting, the total supply of stablecoins increases. For fiat-backed stablecoins, minting must correspond one-to-one with additional fiat reserves held off-chain.
• l Burning: Permanently removing tokens from circulation and deducting them from a specified address—commonly used in redemption scenarios (e.g., when users redeem stablecoins for fiat currency).
• l Upgrading: If the stablecoin contract employs an upgradable architecture, the issuer can upgrade the business logic. Through upgrades, new functionalities can be added to meet updated regulatory requirements or fix current code defects.
• l Pausing/Resuming: Temporarily disabling partial or full contract functions (e.g., transfers, minting, redemptions) during emergencies or under judicial/compliance requirements. Resuming re-enables the corresponding capabilities.
• l Freezing/Unfreezing: Marking addresses identified as illegal or high-risk as "blacklisted," prohibiting them from receiving or transferring stablecoins. Removing a blacklisted address restores normal transfer capability.
• l Whitelist: Only accounts that have undergone KYC/due diligence and received approval can participate in sensitive operations (e.g., first-time receipt of newly minted coins, redemption participation, or custodial accounts directly interfacing with the issuer).

Based on guidance requirements, the smart contract must also implement the following transaction control and real-time screening requirements:

Although regulations do not mandate specific token standards, they clearly state that stablecoin contracts must possess robust governance and compliance functions, including token minting and burning (mint/burn), contract logic upgrades, network-wide pausing, fund freezing, blacklist and whitelist management, etc., to ensure traceability, controllability, and audit compliance.

In technical implementation, issuers typically weigh two paths: extending ERC-20 with additional layers for compliance control, or directly adopting the ERC-3643 standard specifically designed for regulated assets.

Differing from general ERC-20, ERC-3643 is an Ethereum token standard specifically designed for regulated assets. It integrates identity verification and automated compliance engines, constructing a technical architecture that satisfies securities regulations while retaining blockchain efficiency, thereby resolving the core contradiction of traditional financial assets on-chain.

ERC-3643 addresses the core demands of compliant asset tokenization through a modular architecture. This decoupled design enables high configurability. The most critical aspect is the separation between the identity registry and the compliance contract. This design allows compliance rules to be flexibly adjusted according to jurisdictional requirements without altering the core token logic. When a user initiates a transfer, the token contract automatically queries the compliance contract, which cross-checks identity declarations in the identity registry, forming an automated compliance decision chain.

The ERC-3643 technical architecture adopts a two-tier permission control system, inheriting ERC-20 functionality while adding two key compliance layers. The first layer focuses on verifying the identity and eligibility of the transaction recipient, leveraging ERC-734/735 standards to validate the existence of identity claims and certification status from trusted issuers. The second layer imposes global constraints on the token itself, such as daily transfer limits or maximum holder counts. This layered design ensures continuous validation of investor qualifications while providing issuers with flexible tools for regulatory rule execution, meeting the multi-dimensional compliance needs of security tokens.

Table 4-1 Comparison of Technical Implementation Paths for ERC-20 and ERC-3643 Stablecoins

Comparison Dimension	ERC-20 Path	ERC-3643 Path
Design Objective	Focuses on implementing basic token issuance and transfer functions.	Specifically built for regulatory scenarios, primarily addressing compliant management of regulated assets on-chain and identity verification issues.
Compliance Features	Does not inherently support identity verification or embedded compliance rules; requires separate compliance middleware or off-chain KYC systems.	Embeds identity verification and compliance decision-making mechanisms at the token level, enabling flexible configuration of compliance rules.
Permission Control	If freeze, black/white list management is needed, additional complex development and integration of external components are required.	Features a dual-layer permission control system: identity layer verifies recipient eligibility, rule layer sets global constraints, enabling on-chain real-time execution of KYC/AML and regulatory restrictions.
Interoperability	Due to the maturity of the Ethereum ecosystem, it has a mature toolchain, wide compatibility with wallets, exchanges, auditing tools, and other third parties, and seamless interoperability with DeFi components.	Its design emphasizes compliance. Interoperability with some traditional DeFi components may face adaptation challenges due to compliance checks, but offers advantages in specific scenarios like regulated asset cross-chain.
Audit-Friendly	Requires additional middleware and detailed audit records to assist audits, resulting in relatively cumbersome procedures and complex evidence acquisition processes.	All identity verification records and compliance decisions are stored on-chain and verifiable, allowing regulators to directly access relevant information, offering high audit-friendliness.

  2. Contract Framework Design

Under Hong Kong’s regulatory framework, stablecoin issuers must not only ensure token security and stability but also meet strict compliance reviews, traceability, and scalability requirements. Therefore, stablecoin contract design must incorporate mechanisms for permission management, compliance control, upgrade strategies, and risk prevention from the outset. To satisfy these needs, a “three-tier architecture” is recommended: Stablecoin Token Contract + Proxy Contract + Multi-Signature Wallet Contract, achieving secure, flexible, and auditable stablecoin issuance and management through modularity and layered control.

(1) Stablecoin Token Contract

The stablecoin token contract is the core of the entire system, responsible for token minting, burning, and transfers, and embedding compliance control logic. The contract can implement account freezing, blacklist and whitelist management, and network-wide pausing, ensuring every transaction complies with the Hong Kong Monetary Authority (HKMA) regulatory requirements. Technically, either extending ERC-20 with additional layers for compliance control or adopting ERC-3643 designed for regulated assets can be chosen, enabling on-chain identity verification and compliance checks during on-chain circulation, achieving real-time compliance and traceability.

(2) Proxy Contract

The proxy contract manages the upgrade and maintenance of the stablecoin token contract, serving as a secure "upgrade gateway" for the core contract. Through the proxy contract, issuers can smoothly update the token contract when business logic or regulatory requirements change, without changing the token address or migrating user assets, thus reducing operational risks and costs. Additionally, the upgrade process of the proxy contract is controllable and auditable, ensuring long-term scalability and compliance with regulatory requirements.

(3) Multi-Signature Wallet Contract

The multi-signature wallet contract serves as a crucial security layer, managing funds, permissions, and authorization for key operations. For example, high-risk operations such as minting, burning, or contract upgrades require multi-party signatures to execute, similar to how a bank vault requires multiple authorizations to open. The multi-signature mechanism disperses operational permissions, reduces single points of failure, and meets HKMA’s requirements for prudent governance, multi-party oversight, and traceable operations by stablecoin issuers.

4.2.3 Smart Contract Security Audit

Regulatory Text: Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance

Section 6.5.5: The licensee should also engage a qualified third-party entity to conduct a smart contract audit (e.g., formal verification, security assessment) at least once annually, and whenever the smart contract is deployed, redeployed, or upgraded, to ensure that the smart contract (i) executes correctly, (ii) aligns with expected functionality, and (iii) is highly confident that no vulnerabilities or security flaws exist.

As Hong Kong and global stablecoin regulatory frameworks continue to evolve, stablecoin contracts must simultaneously meet technical security and compliance requirements during design and deployment. Smart contract security audits aim to comprehensively evaluate the contract from multiple dimensions—including architecture, proxy mechanisms, fund logic, permission governance, and on-chain compliance design—through a combination of automated detection and manual review to identify potential security risks and design flaws, ensuring the stablecoin system operates securely, transparently, and sustainably, providing a solid technical foundation for subsequent compliance applications and market operations.

(1) Contract Architecture and Proxy Mechanism Audit

Focus on verifying the logical integrity and security of the proxy contract’s upgradability, ensuring consistent data storage layout between the proxy contract and the stablecoin contract to prevent asset risks caused by variable misalignment after upgrades. Also assess whether the contract framework aligns with compliance design, ensuring upgrade permissions, management roles, and governance logic are transparent and controllable.

(2) Stablecoin Core Logic and Fund Security

Audit the stablecoin contract’s core logic for issuance, burning, transfers, and freezing to ensure alignment with regulatory policies and business needs, avoiding high-risk issues such as logical flaws, permission abuse, and abnormal minting. Focus on the accuracy and consistency of fund flows and asset records, ensuring on-chain assets match off-chain custodial assets.

(3) Permission Control and Multi-Signature Governance Mechanism

The multi-signature contract is a critical foundation for compliance and security. Verify the multi-signature signing process, threshold strategy, and anomaly recovery plans. Ensure management permissions are decentralized to prevent single points of failure or single-person control of assets. Perform comprehensive testing on management logic involving key operations such as contract upgrades, parameter adjustments, and emergency freezes.

(4) Compliance and On-Chain Monitoring Design

Evaluate the contract’s support for mechanisms such as blacklists, whitelists, address freezing, and limit settings based on regulatory requirements. Focus on validating on-chain event logging and audit trail capabilities to ensure the contract has sufficient compliance visibility and regulatory collaboration ability, meeting cross-chain and cross-institutional risk control needs.

(5) Security Testing and Attack Defense

Conduct comprehensive detection of the stablecoin contract using formal verification, symbolic execution, and fuzz testing, focusing on risk points directly related to stablecoin operations such as mint/burn authorization, upgrade and storage layout consistency, permission boundaries, on-chain/off-chain reconciliation, and emergency freezing. Simultaneously, consider the operating environment and proxy mechanism design to ensure the contract has anti-attack capabilities in real-world business scenarios.

Before deploying stablecoin smart contracts on-chain, Beosin can provide deep audits via its self-developed formal verification platform, Beosin VaaS, in collaboration with a team of blockchain security experts. By leveraging formal verification technology to validate contract logic and calling upon a multi-source security vulnerability database accumulated from real-world experience, Beosin conducts comprehensive security testing of stablecoin contracts. It provides remediation solutions for discovered code vulnerabilities, contract backdoors, and tracks improvements to ensure the underlying logic of the stablecoin is safe and trustworthy.

Figure 4-4 Smart Contract Security Audit Process

4.2.4 Underlying Distributed Ledger Security Audit

Regulatory Text: Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance

Section 6.5.5: Regarding the distributed ledger used for the operation of specified stablecoins, the licensee should assess the robustness of the underlying technology, including but not limited to: security infrastructure such as cryptographic algorithms employed; consensus mechanisms, covering aspects such as decentralization level, fault tolerance, and incentive mechanisms; capacity and scalability; presence of third-party audits or evaluations and their results; ability to resist common attacks (including 51% attacks or other potential attacks affecting transaction finality); past security records; and risks related to code defects, intrusions, vulnerabilities, and other threats.

The HKMA has repeatedly emphasized that stablecoin issuers should prioritize mature public blockchains with a history of long-term stable operation and high decentralization, such as Ethereum. These established blockchains rely on extensive validator networks, transparent governance mechanisms, and real-world operational experience, offering advantages in attack resistance, transaction finality, and overall security, while their high cost of attack effectively reduces systemic risk.

For cases where non-mainstream chains (such as emerging public chains, consortium chains, or private chains) are selected due to business needs, more thorough security audits and assessments of the chain platform should be conducted to ensure overall security and robustness are not inferior to mature public blockchains. Audits can focus on the following dimensions:

• l Network Architecture and Consensus Mechanism: Evaluate node count, geographic distribution, resistance to attacks, and fault tolerance of the consensus algorithm to ensure stable network operation.
• l Economic Model and Incentive Mechanism: Analyze the network token economic design to assess whether it can effectively incentivize validators and prevent Sybil attacks or economic manipulation.
• l Centralization Risk of Nodes and Operators: Investigate the degree of decentralization of nodes on the chain and the design of operator permissions to reduce systemic risks arising from centralization.
• l Code and Protocol Security: Conduct security analysis of the chain’s core code, consensus protocol, virtual machine, and P2P modules to identify potential vulnerabilities or backdoors.
• l Network Monitoring and Emergency Response: Assess the chain platform’s logging, monitoring capabilities, and emergency response plans for forks or attack incidents.
• l Governance Mechanism and Upgrade Strategy: Review the chain’s governance rules and protocol upgrade process to ensure transparency, controllability, and resilience against risks.
• l Compatibility and Scalability: Evaluate compatibility with external systems (e.g., wallets, cross-chain bridges, oracles) and ecological integration risks for non-mainstream chains.

Through customized security testing, a comprehensive evaluation of the blockchain platform’s architecture, consensus mechanism, node communication protocols, and more can be conducted, combined with simulated attack tests to identify potential risk points. Audit results can form targeted hardening plans to enhance the security, robustness, and auditability of the underlying environment, providing technical assurance for stablecoin issuance and circulation.

Figure 4-5 Blockchain Platform Security Testing Process          

4.3 Anti-Money Laundering Risk Assessment and Monitoring for Stablecoins

For the circulation and transaction phase of stablecoins, Beosin’s proposed Stablecoin Monitor, KYT, and KYA product solutions enable uninterrupted 7×24 dynamic monitoring. They can promptly detect transaction anomalies and fund risks, fully safeguarding the secure and compliant circulation of stablecoins.

Table 4-2 Overview of Anti-Money Laundering Technology Solutions Based on Hong Kong Regulatory Requirements

Regulatory Requirement	Solution
Continuous monitoring of circulating stablecoins is required to fulfill AML and CTF responsibilities; even peer-to-peer transfers between non-customer non-custodial wallets must be adequately monitored.	Beosin Stablecoin Monitor                   (Stablecoin Circulation Risk Monitoring)
Transaction monitoring systems must be implemented during issuance and redemption to identify suspicious transactions, screen stablecoin transactions and wallet addresses, and use blockchain analytics tools to track transaction records and identify transactions involving illegal/suspicious activities.	Beosin KYT                   (Stablecoin Transaction Risk Identification)
Properly manage the money laundering and terrorist financing risks associated with wallets used by customers to receive or redeem stablecoins issued by the licensee. Due diligence on stablecoin counterparties must assess the type of counterparty involved in the transfer.	Beosin KYA                   (Holding Wallet Risk Screening)
Periodically and upon triggering risk events, review due diligence data on counterparties and update risk assessments.	Beosin Rescreen                   (Ongoing Monitoring and Periodic Scanning)
Use blockchain analytics tools to track transactions and identify those involving illegal/suspicious activities; upon awareness, immediate investigation is required, and if suspicion arises, report to the Financial Intelligence Unit and follow up accordingly.	Beosin TransTracer                   (Post-Incident Investigation and Risk Tracing)

4.3.1 Risk Monitoring in Stablecoin Circulation

Regulatory Text: Guidance on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)

Section 5.9: Continuous monitoring of circulating stablecoins is crucial for licensees to fulfill their obligations in combating money laundering and terrorist financing.

Section 6.42: Licensees are not required to comply with Sections 6.40 to 6.41 regarding peer-to-peer stablecoin transfers between non-customer holders of non-custodial wallets. However, licensees should adhere to the guidance in Sections 5.9 to 5.12 to ensure adequate ongoing monitoring of circulating stablecoins.

Beosin Stablecoin Monitor enables continuous monitoring of stablecoin project operations and transaction risks, providing deep insights into stablecoin holder distribution, stablecoin liquidity, and real-time monitoring of stablecoin transactions. Using deep learning algorithms, it captures anomalous transaction behaviors and triggers alerts, integrating with internal risk control systems to block risky fund flows, helping issuers and regulators closely monitor stablecoin operational risks. The stablecoin monitoring system can achieve the following functions:

• l The stablecoin issuer can monitor the contract’s runtime status in real time and gain a comprehensive understanding of the current security status of the stablecoin.
• l Assist the stablecoin issuer in screening risks associated with fund sources and destinations, preventing on-chain/off-chain high-risk activities.
• l Help the stablecoin issuer monitor the execution of high-level control actions within the contract in real time, such as issuance, burning, freezing, etc.
• l Monitor the price pegging situation of stablecoins, detect abnormal fluctuations in real time, and trigger immediate alerts for de-pegging events.
• l Possess the capability to identify custodial/non-custodial wallet addresses, enabling issuers to adopt different response strategies for potentially risky addresses, especially peer-to-peer transactions involving non-custodial wallets.

Figure 4-6 Beosin Stablecoin Monitoring - USDT Fund Segmentation Monitoring

Figure 4-7 Beosin Stablecoin Monitoring - USDT On-Chain Transaction Risk Alert

4.3.2 Risk Identification for Stablecoin Transactions and Addresses

Regulatory Text: Guidance on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)

Section 4.35: The licensee should properly manage any money laundering and terrorist financing risks associated with wallets used by clients to receive stablecoins issued by the licensee or to receive stablecoins back during redemption.

Section 5.4: The licensee should also implement effective risk-based transaction monitoring systems and procedures during issuance and redemption to identify and report suspicious transactions. Furthermore, the licensee should establish and maintain adequate and effective systems and controls to screen stablecoin transactions (i.e., stablecoin transfers with clients) and related wallet

addresses. The licensee should adopt appropriate technological solutions (e.g., blockchain analytics tools) capable of:

(a) Tracing stablecoin transaction records to more accurately identify the source and destination of the relevant stablecoin; and

(b) Identifying transactions involving wallet addresses directly and/or indirectly linked to illegal or suspicious activities/sources or designated persons.

Section 6.32: Due diligence procedures for stablecoin counterparties generally involve the following:

(a) Determining whether the stablecoin transfer will be made to or from a stablecoin counterparty or a non-custodial wallet;

In traditional finance, the flow of funds across institutions often breaks down, making hidden risks difficult to detect in a timely manner. Blockchain’s traceability, however, makes the upstream and downstream transaction chains of each transaction clear and visible. In stablecoin risk assessment technology, the two main approaches are KYT and KYA. KYT technology enables judgment of whether the source and destination of a transaction involve risk entities. KYA technology enables a comprehensive risk assessment of fund sources and destinations for a given blockchain address through full historical transaction analysis.

Beosin KYT constructs a closed-loop prevention system centered around fund inflow/outflow scenarios, leveraging on-chain fund visualization tracking technology to trace fund flows and combining risk identification models to achieve penetration-style risk identification, precisely pinpointing money laundering and terrorist financing risk nodes hidden in transaction pathways.

Beosin KYT offers an intuitive user interface and professional API integration solutions, enabling comprehensive assessment of address and transaction risks related to stablecoin operations. Beosin KYT supports 57 public chains, accumulates over 4.7 billion global address labels, monitors over 200 money laundering entities in Southeast Asia, and has over 20 million Southeast Asian labels, covering well-known money laundering platforms such as Huiwang, Tushu, and Xincrypto. It supports identification of over 120 cross-chain and exchange protocols, enabling accurate identification of real fund risks across multiple chain platforms.

Figure 4-8 Beosin Risk Assessment Platform - KYT Transaction Risk Assessment

Beosin KYA supports comprehensive risk screening across all cryptocurrencies for blockchain addresses, enabling identification of risks associated with all assets, including stablecoin holdings. It primarily achieves the following capabilities:

• l Comprehensive risk assessment of bidirectional fund flows, reflecting the overall risk profile of the wallet.
• l Comprehensive analysis of single or multiple currencies, considering scenarios involving cross-chain money laundering and continuous tracking.
• l Assist stablecoin issuers in conducting feature analysis of address transaction behavior, monitoring abnormal behavior through rule models and machine learning technologies.

Figure 4-9 Beosin Risk Assessment Platform - KYA Address Risk Assessment

4.3.3 Ongoing Monitoring and Periodic Scanning

Regulatory Text: Guidance on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)

Section 6.36: (b) Periodically and/or upon occurrence of triggering events (e.g., when the licensee, while continuously monitoring stablecoin transfers with counterparties, or from other sources such as credible media reports of negative news, or publicly available data indicating the counterparty has previously been involved in targeted financial sanctions, money laundering, or terrorist financing investigations or regulatory actions, becomes aware of any heightened money laundering or terrorist financing risk), review the data obtained from due diligence measures taken on stablecoin counterparties under Section 6.33, and (if applicable) update the risk assessment of the stablecoin counterparties.

Through Beosin Realtime Monitoring’s automated address risk status monitoring mechanism, users can add target addresses to their watchlist to achieve 7*24 real-time updates of address risk scores. When abnormal transaction behavior (e.g., frequent small transfers within a short time or fund interactions with high-risk addresses) is detected, the system immediately triggers an alert and re-evaluates the risk level, ensuring the risk status always reflects the latest security posture.

Beosin Rescreen assists users in scanning target addresses across multiple dimensions periodically or on a scheduled basis. The monitoring system uses machine learning algorithms to update risk scores for target addresses based on multi-dimensional data such as on-chain transaction frequency, fund flow direction, and associated address risk levels.

Figure 4-10 Beosin Risk Assessment Platform - Periodic Risk Assessment of Addresses

4.3.4 Post-Incident Investigation and Risk Tracing

Regulatory Text: Guidance on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)

Section 5.4: The licensee should adopt appropriate technological solutions (e.g., blockchain analytics tools) capable of:

(a) Tracing stablecoin transaction records to more accurately identify the source and destination of the relevant stablecoin; and (b) identifying transactions involving wallet addresses directly and/or indirectly linked to illegal or suspicious activities/sources or designated persons.

Section 5.12: If the licensee becomes aware of any stablecoin transaction or associated wallet address directly and/or indirectly linked to illegal or suspicious activities/funds sources or designated persons, they should immediately undertake further investigation and analysis. If there is any reason to suspect, the licensee should report the suspicious transaction to the Financial Intelligence Unit and take appropriate follow-up actions as outlined in Chapter 8 of this guidance.

Beosin TransTracer provides an intuitive and concise topological view analysis, facilitating in-depth fund flow investigations for addresses or transactions by stablecoin issuers. Leveraging a multi-dimensional address label library and deep neural network analysis models, Beosin TransTracer traces fund movements involved in malicious activities such as money laundering and fraud, penetrating technical barriers like exchange protocols and cross-chain bridges, reconstructing the path of risky fund flows, and providing a complete evidence chain for issuers and regulators. Its main functions include:

• l Risk categorization of fund sources and destination addresses, automatic tracing of transaction chains, and rapid identification and display of fund paths.
• l Support for automatic penetration through exchanges and cross-chain protocols to reach the final real destination address.
• l Support for multi-chain address multi-currency analysis on a single diagram, allowing unlimited hierarchical expansion of fund paths.
• l Support for precise route filtering and highlighting based on asset/currency/transaction time/transaction amount dimensions.
• l Rapid generation of fund flow diagrams/reports, saving time for enhanced due diligence or case investigations.

Figure 4-11 Beosin TransTracer - Risk Fund Path Analysis

4.4 Intelligent Judgment of Digital Asset Money Laundering and Other Crimes

With the rapid development of digital assets, their anonymity, global liquidity, and low-cost characteristics are widely exploited by criminals, becoming primary tools for various illegal activities. In cases involving telecom fraud, online gambling, drug trafficking, and pyramid schemes, criminal gangs use digital assets to transfer funds, quickly launder money, and obscure the source of funds.

When tracking funds in such cases, law enforcement agencies often face the following challenges:

• lHigh Technical Barrier: Case analysis involves blockchain knowledge and transaction patterns, resulting in a high learning curve for investigators.
• lAddress Anonymity: On-chain addresses lack clear role definitions, making it difficult to determine account ownership and locate evidence collection points.
• lComplex Case Chains: Numerous involved addresses frequently use exchanges and cross-chain operations, increasing analysis difficulty. Traditional manual methods are time-consuming and inefficient, making it hard to build a complete evidence chain.
• lStealthy Fund Flows: Funds are processed through mixing services (e.g., Tornado Cash), further complicating tracking. Manual analysis almost cannot penetrate.
• lUnderutilized Open Source Intelligence: Some funds flow through guarantee platforms, involving multiple money laundering stages and teams. Relying solely on on-chain transactions fails to reveal the full picture.

In this context, law enforcement agencies need the ability to quickly map fund flows, penetrate complex transaction layers, and fully leverage open-source intelligence to overcome these challenges.

To address the capabilities needed by law enforcement in digital asset cases, Beosin Trace combines full-chain data analysis capabilities with AI intelligent algorithms, forming an efficient and precise intelligent judgment capability tailored to digital asset crimes. Its main features include:

• lIntelligent Learning: Leveraging large models and a digital asset crime knowledge base, it provides analytical guidance and intelligent Q&A functions to help law enforcement officers quickly master digital asset case analysis skills, significantly shortening the learning cycle.
• lAddress Label Library: Based on different entities and crime types, on-chain addresses are labeled with over 4.7 billion tag data points, covering mainstream exchanges, wallets, mixers, guarantee platforms, fraud sites, gambling platforms, mining pools, blockchain games, and dozens of other address types. This helps law enforcement officers quickly identify address roles, greatly improving case analysis and judgment efficiency.
• lAutomatic Risk Assessment of Cryptocurrency Funds: During early case investigation, rapid assessment of fund flows is essential, but manual analysis is time-consuming and prone to missing critical information. Beosin Trace automatically identifies transfer paths, generates clear fund flow diagrams, highlights key addresses, and produces interim analysis reports, helping law enforcement officers quickly grasp the core of the case.
• lPenetration of Exchange and Cross-Chain Funds: When funds are transferred through exchange or cross-chain protocols, Beosin Trace automatically identifies the flow paths of exchanges and cross-chain operations, penetrating to the final real recipient address, ensuring end-to-end visibility of fund flows.
• lIntelligent Discovery of Hidden Clues: During in-depth analysis of the case fund network, Beosin Trace comprehensively scans on-chain addresses, automatically identifying anomalous transaction behaviors and suspicious addresses, uncovering hidden clues easily missed in manual analysis, making investigations more comprehensive.
• lTornado Cash Mixing Fund Analysis: Beosin Trace uses intelligent algorithms to penetrate the Tornado Cash mixing process, restoring the true fund flow before and after mixing, helping law enforcement officers efficiently track funds.
• lIntelligent Address Profiling: For key on-chain addresses, Beosin Trace uses AI modeling to analyze address behavior patterns, abnormal fund flows, and transaction counterparts, quickly generating clear, understandable address profile reports to help law enforcement officers precisely identify suspect chains.
• lIntegration and Utilization of Open Source Intelligence: Automatically collect and integrate on-chain data and available open-source intelligence to assist law enforcement officers in discovering and verifying potential connections, enhancing the comprehensiveness and accuracy of case analysis.

Figure 4-12 Beosin Trace - Intelligent Judgment Platform

4.5 Chapter Summary

Beosin builds a comprehensive regulatory technology solution for the entire lifecycle of stablecoins, centered on "source defense, dynamic monitoring, and precise governance." In terms of stablecoin whitelists and contract security, licensees are required to identify all operations across the token lifecycle and verify holder identities, providing a three-tier contract framework: "stablecoin token contract + proxy contract + multi-signature wallet contract," and conducting annual and key-node smart contract and underlying distributed ledger audits to achieve "source defense." In anti-money laundering risk assessment and monitoring, Beosin launches products such as Stablecoin Monitor (7×24-hour monitoring of stablecoin operations and transaction risks), KYT (tracking fund flows and identifying risk nodes), KYA (multi-currency wallet risk screening), Rescreen (ongoing monitoring and periodic scanning), and TransTracer (post-incident investigation and risk tracing) to fulfill regulatory requirements for circulation monitoring, transaction and address risk identification, ongoing monitoring, and post-incident investigation, achieving "dynamic monitoring." Meanwhile, facing the complex trends of digital asset money laundering crimes, Beosin leverages the Beosin Trace engine to build a full-process intelligent judgment capability, assisting law enforcement officers in efficiently conducting case investigations and achieving "precise governance."

Chapter Five Recommendations for Anti-Money Laundering Ecosystem Development

Establishing an industry self-regulatory system to strengthen anti-money laundering capabilities has become a global consensus in the digital asset sector. In this context, the Hong Kong Virtual Asset Association (HKVAIA) officially launched the Digital Asset Anti-Money Laundering Professional Committee (DAAMC) on August 19, 2025, marking a pivotal step forward in Hong Kong’s efforts to build a digital asset compliance ecosystem. As a non-profit organization led by the industry, DAAMC focuses on three core areas: first, promoting the construction of Hong Kong’s compliant stablecoin issuance framework; second, fortifying the financial integrity of the digital asset ecosystem; and third, fostering deep collaboration among licensed financial institutions. DAAMC will establish industry consensus mechanisms to achieve a balanced integration of regulatory requirements and commercial practices.

In practical compliance, DAAMC will align with the Hong Kong Monetary Authority’s (HKMA) published “Guidelines on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)” and “Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance,” while closely tracking emerging compliance standards such as on-chain identity verification globally. This ensures Hong Kong’s regulated stablecoins achieve a dynamic balance between manageable risks and sustainable business development, accelerating the mainstream adoption of stablecoins.

HashKey Group, Yuanbi Innovation Technology Co., Ltd., Beosin, and SlowMist Technology, as founding members of DAAMC, aim to jointly explore innovative compliance solutions for stablecoins through offline seminars and closed-door exchanges, driving high-quality, collaborative development within the digital asset industry.

Figure 5-1 DAAMC Joint Statement

5.1 Industry Self-Regulation Standards and Collaborative Governance Mechanisms

Building an industry self-regulatory system to strengthen anti-money laundering capabilities has become a global consensus in the digital asset sector. In this context, the Hong Kong Virtual Asset Association (HKVAIA) officially launched the Digital Asset Anti-Money Laundering Professional Committee (DAAMC) on August 19, 2025, marking a pivotal step forward in Hong Kong’s efforts to build a digital asset compliance ecosystem. As a non-profit organization led by the industry, DAAMC focuses on three core areas: first, promoting the construction of Hong Kong’s compliant stablecoin issuance framework; second, fortifying the financial integrity of the digital asset ecosystem; and third, fostering deep collaboration among licensed financial institutions. DAAMC will establish industry consensus mechanisms to achieve a balanced integration of regulatory requirements and commercial practices.

In practical compliance, DAAMC will align with the Hong Kong Monetary Authority’s (HKMA) published “Guidelines on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers)” and “Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance,” while closely tracking emerging compliance standards such as on-chain identity verification globally. This ensures Hong Kong’s regulated stablecoins achieve a dynamic balance between manageable risks and sustainable business development, accelerating the mainstream adoption of stablecoins.

HashKey Group, Yuanbi Innovation Technology Co., Ltd., Beosin, and SlowMist Technology, as founding members of DAAMC, aim to jointly explore innovative compliance solutions for stablecoins through offline seminars and closed-door exchanges, driving high-quality, collaborative development within the digital asset industry.

Figure 5-1 DAAMC Joint Statement

5.2 Promoting Government-wide Collaboration and Cross-departmental Coordination Mechanisms

Government should drive the establishment of a government-level, integrated governance coordination system, consolidating resources and expertise from prevention, law enforcement, regulation, and financial victim protection departments. By establishing efficient coordination mechanisms, institutional silos can be effectively broken down, forming a closed-loop governance cycle of "prevention–investigation–disposal–protection," achieving synchronized policy formulation and execution, significantly enhancing the multidimensional defense capability against digital asset crimes. This collaborative governance model not only aligns with international AML standards but also adapts to the evolving nature of criminal activities in the digital economy, providing institutional safeguards for building a financial security barrier.

5.2.1 Establishing Cross-departmental Coordination Bodies

Establish a regular inter-agency liaison meeting system involving finance, financial regulation, public security, and cyberspace administration departments. Referencing FATF international standards, develop a unified digital asset risk assessment framework to ensure consistency in regulatory policies.

5.2.2 Building a Capability-sharing System

Implement joint training programs, focusing on specialized skill training in blockchain forensics and digital asset tracking. Conduct scenario-based practical drills simulating typical criminal patterns such as cross-border fund transfers and mixer services to enhance cross-departmental joint operation capabilities.

5.2.3 Optimizing Fund Disposal Processes

Establish a full-process disposal system covering "monitoring–freezing–recovery–return," incorporating blockchain tracing technology to enhance fund transparency. Develop standardized operating guidelines clarifying the responsibilities and timelines for financial institutions and law enforcement agencies.

5.2.4 Building a Data Sharing Hub

Construct a cross-departmental data sharing platform, enabling interoperability of financial transaction data, communication records, and intelligence information under a compliant framework. Use privacy-preserving computing techniques to conduct joint analysis while ensuring data security.

5.3 Strengthening User Safety Awareness and Training System Construction

Users must strengthen their awareness of preventing digital asset crimes to avoid being drawn into illegal fund transfers. During digital asset deposit and withdrawal, users should pay attention to risk screening of funds and can utilize professional, user-friendly digital asset risk screening tools (e.g., Beosin KYA Lite) to quickly identify fund risks, effectively avoiding risks such as account freezing and fund loss due to receiving tainted funds.

Additionally, building and continuously improving a multi-dimensional, multi-level user safety education system is a foundational and critical measure for preventing crime risks in the digital asset sector. This system should coordinate the efforts of government regulators, market players, and the public, forming a "three-in-one" collaborative governance mechanism to strengthen the financial security barrier.

5.3.1 Building a Risk Awareness Enhancement Framework

To help users better identify risks, a cognitive enhancement system must be built with the support of multiple parties. Government-wise, regulators and law enforcement agencies can enhance capabilities in blockchain forensics and digital asset tracking through specialized training; enterprise-wise, digital asset service providers should establish employee compliance training systems; society-wise, governments and enterprises can actively promote initiatives such as "Digital Financial Security in Communities" to expand the coverage of financial security awareness education.

5.3.2 Innovative Public Education Implementation Pathways

Regarding public education formats, immersive educational scenarios can be developed, flexibly utilizing short videos, VR, and murder mystery games to simulate criminal scenarios involving digital assets (e.g., online fraud, online gambling, money laundering), thereby enhancing public awareness of related crime risks. In terms of target audiences, digital asset investors, cross-border trade merchants, and other vulnerable groups should receive more refined risk prevention education. Stablecoin issuers and regulators should consider regularly releasing risk alerts and analyses of typical criminal methods to the public, strengthening warning effects through real case studies.

5.3.3 Popularizing the Use of Digital Asset Risk Screening Tools

Digital asset risk screening tools can help ordinary users score on-chain addresses and transactions for risk, identify risk entities and risky fund flows, reduce the probability of interacting with high-risk addresses, and prevent users from having their funds frozen or getting involved in money laundering from receiving illegal funds at the source. Considering personal users’ demand for asset security, Beosin will soon launch Beosin KYA Lite—a user-friendly digital asset risk screening tool tailored for ordinary users, providing convenient and accurate risk screening for daily wallet address interactions.

References

1. 1. Guidance for Licensed Stablecoin Issuers under the Stablecoin Ordinance, Hong Kong Monetary Authority (HKMA), August 2025.
2. 2. Guidelines on Anti-Money Laundering and Countering the Financing of Terrorism (Applicable to Licensed Stablecoin Issuers), Hong Kong Monetary Authority (HKMA), August 2025.
3. 3. Summary of the Licensing Regime for Stablecoin Issuers, Hong Kong Monetary Authority (HKMA), July 2025.
4. 4. Summary of Transitional Provisions for Existing Stablecoin Issuers, Hong Kong Monetary Authority (HKMA), July 2025.
5. 5. Consultation Paper on Legislative Proposals for Implementing a Regulatory Framework for Stablecoin Issuers in Hong Kong, Hong Kong Monetary Authority (HKMA) and Financial Services and the Treasury Bureau (FSTB), December 27, 2023.
6. 6. Press Release: Implementation of the Regulatory Framework for Stablecoin Issuers, Hong Kong Monetary Authority (HKMA), July 29, 2025.
7. 7. Press Release: HKMA Announces Participants in the Stablecoin Issuer Sandbox, Hong Kong Monetary Authority (HKMA), July 18, 2024.
8. 8. Press Release: LegCo Passes the Stablecoin Ordinance, Hong Kong Monetary Authority (HKMA), May 21, 2025.
9. 9. Insight: Stablecoin Regulation: Hong Kong’s New Era of Digital Assets, Hong Kong Monetary Authority (HKMA), June 23, 2025.
10. 10. 2024 Hong Kong Cryptocurrency Regulation, ComplyCube.
11. 11. Stablecoins: Hong Kong’s Proposed Licensing and Regulatory Framework for Issuers, King & Wood Mallesons.
12. 12. Key Points of Hong Kong’s Proposed Stablecoin Regulatory Framework, King & Wood Mallesons.
13. 13. Hong Kong Stablecoin Regulatory Policy: Industry Commentary, East Money Online.
14. 14. Hong Kong Stablecoin New Rules: Legal Analysis, Yinchao Law Firm.
15. 15. The Dawn of the Hong Kong Stablecoin Era – Part I: The Passage of the Draft Stablecoin Ordinance Opens a New Chapter, Junhe Law Firm, May 30, 2025.
16. 16. Securities and Futures Ordinance (Cap. 571, Hong Kong Laws).
17. 17. Anti-Money Laundering and Countering the Financing of Terrorism Ordinance (Cap. 615, Hong Kong Laws).
18. 18. Stablecoin Ordinance (Cap. 656, Hong Kong Laws).
19. 19. 2025 U.S. Stablecoin Legislative Update, Womble Bond Dickinson.
20. 20. U.S. GENIUS Act Enacted into Law: Regulatory Framework for Compliant Stablecoins, King & Wood Mallesons, July 23, 2025.
21. 21. Comparative Analysis of the OCC, Federal Reserve, and SCRC Roles in the GENIUS Act, Tianyuan Law Firm, June 4, 2025.
22. 22. What are the Specific Roles of the OCC, Federal Reserve, and SCRC in the GENIUS Act? Tianyuan Law Firm, June 4, 2025.
23. 23. New Stablecoin Legislation: Analysis of the GENIUS Act, Arnold & Porter, July 2025.
24. 24. Comparison of Capital Requirements for U.S. and Hong Kong Stablecoins, Hong Kong Legislative Council, February 11, 2025.
25. 25. Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia, UNODC, April 2025.
26. 26. Decrypting Crypto: How to Estimate International Stablecoin Flows, International Monetary Fund, July 2025.

About Beosin

Founded in 2018 by two professors from renowned universities, Beosin is headquartered in Hong Kong with offices in over 10 countries and regions worldwide. As a leading global blockchain security and compliance technology company, Beosin has built a product matrix including Beosin KYT (anti-money laundering compliance tool), Beosin Trace (digital asset tracking and investigation tool), and Beosin Stablecoin Monitor (stablecoin risk monitoring tool), earning ISO 27001 and SOC 2 certifications. Beosin’s core products have secured over 70 intellectual property rights and participated in the development of multiple international blockchain security standards. It was among the first companies to join Hong Kong Cyberport Incubation Programme. Beosin’s services span professional code security audits for blockchain ecosystem enterprises, anti-money laundering compliance technology services for regulated exchanges, stablecoin-related businesses, financial institutions, payment providers, and digital asset crime investigation and tracking services for law enforcement and regulatory bodies.

As one of the earliest global enterprises to apply formal verification to blockchain security, Beosin provides professional blockchain and smart contract security audit services. To date, it has audited over 4,000 smart contracts and blockchain projects and has become an official security partner for several major blockchains, including BNB Chain, TON, Soneium, Manta Network, Sonic SVM, and SOON Network.

In the field of blockchain compliance and anti-money laundering, Beosin offers comprehensive KYT and KYA anti-money laundering technology services, supporting 57 public chains including Bitcoin, Ethereum, Tron, Solana, and TON, accumulating over 4.7 billion global address labels and enabling comprehensive risk assessment of on-chain transactions and wallet addresses. To date, Beosin has provided anti-money laundering compliance technology services to nearly 100 enterprises, including HashKey, OSL, Cobo, Dongfang Securities, First Shanghai Securities, Fosun Securities, Addepar Financial, Hengyun Technology, FOMO Pay, CipherBC, BTSE, and Qbit. In anti-money laundering research, Beosin’s Southeast Asia on-chain anti-money laundering report has been cited by the United Nations Office on Drugs and Crime (UNODC), and Beosin has engaged in deep collaboration with ACAMS (Association of Certified Anti-Money Laundering Specialists), the world’s largest AML expert organization, co-authoring a research report on cross-border money laundering patterns and regulatory approaches in mainland China and Southeast Asia, gaining widespread recognition and acclaim in the industry.

Through smart contract security audits (stablecoin contract security), Stablecoin Monitor (7×24-hour monitoring of stablecoin operations and transaction risks), KYT (tracking fund flows and identifying risk nodes), KYA (multi-currency wallet risk screening), Rescreen (ongoing monitoring and periodic scanning), and TransTracer (post-incident investigation and risk tracing), Beosin offers a one-stop security and compliance technology solution for stablecoin issuers, meeting Hong Kong’s regulatory requirements for stablecoin technology security, circulation monitoring, transaction and address risk identification, ongoing monitoring, and post-incident investigation.

To date, Beosin has collaborated with over 30 law enforcement and regulatory agencies worldwide, engaging in blockchain security and regulatory technology exchanges and cooperation with Hong Kong Police, Hong Kong Customs, HKMA, SFC, ICAC, Singapore MAS, Singapore Police, Malaysian Police, and others, earning recognition and honors from multiple regulatory and law enforcement agencies. In 2025, Beosin partnered with INTERPOL to provide digital asset tracking and investigation technical support for the 10th INTERPOL Digital Forensics Expert Group Meeting and the 2nd INTERPOL Digital Forensics Challenge.

Core Products and Services

Smart Contract Security Audit: Comprehensive security audit of smart contract code and business logic.

Blockchain Platform Security Audit: Comprehensive security audit of blockchain network architecture.

Beosin KYT: Digital Asset Transaction Anti-Money Laundering Compliance and Analytics Platform.

Beosin KYA: Digital Asset Address Risk Assessment and Analytics Platform.

Beosin Stablecoin Monitor: Stablecoin Circulation Risk Monitoring System.

Beosin Rescreen: Stablecoin Real-time Monitoring and Periodic Scanning System.

Beosin TransTracer: Stablecoin Risk Investigation Tool.

Beosin Trace: Digital Asset Tracking and Investigation Platform.

Contact Information

Website: https://beosin.com/

LinkedIn: https://www.linkedin.com/company/beosin

X: https://x.com/Beosin_com

Telegram: https://t.me/beosin

Email: market@beosin.com

Disclaimer

This research report has utilized artificial intelligence (AI) to assist in content curation and referenced publicly available materials from institutions such as the Hong Kong Monetary Authority, Japan Financial Services Agency, Central Bank of the UAE, International Monetary Fund, and multiple law firms. All content within this research report does not constitute any investment or legal advice. Beosin endeavors to ensure the accuracy and reliability of the information and data provided; however, no guarantee is made regarding the absolute correctness, completeness, or reliability of such information and data. Readers are strongly advised to consult official latest regulations and guidelines directly for authoritative references. Beosin shall not be held liable for any loss or damage arising from inaccuracies, omissions, or decisions, actions, or inactions taken based on or relying on this research report.