EBA 2025 Report Overview
The crypto-asset sector has experienced explosive growth, driven by technological innovation and increasing mainstream adoption. However, this dynamism also exposes it to significant Money Laundering (“ML”) and Terrorist Financing (“TF”) vulnerabilities. According to the European Banking Authority’s (“EBA”) October 2025 report, Crypto-Asset Service Providers (“CASP”s) remain susceptible to exploitation due to their cross-border nature, pseudonymity and rapid transaction speeds.
The EBA Report highlights that crypto-asset services remain highly vulnerable to ML and TF. Key issues identified include:
- Some CASP seeking to evade national Anti-Money Laundering (“AML”) /Counter Terrorist Financing (“CTF”) supervision, for example by operating without authorisation, forum-shopping across jurisdictions or relying improperly on reverse-solicitation exemptions;
- Weaknesses persist in AML/CTF frameworks, such as unclear beneficial-ownership structures, multi-entity group arrangements with high-risk counterparties and insufficient governance; and
- The cross-border and decentralised nature of crypto-asset services, which complicates supervision due to fragmented oversight, rapidly evolving business models and legacy firms with weak compliance cultures.
As a result of these ongoing vulnerabilities, the EBA stresses vigilant monitoring of unauthorised activities, legacy compliance issues and linked entities to prevent regulatory exploitation.
UK, FCA and Crypto Regulation
In the UK, the Financial Conduct Authority (“FCA”) is adapting its regulatory stance to foster innovation while addressing risks. On 8 October 2025, the FCA lifted its 2021 ban on cryptoasset exchange traded notes (“cETNs”) for retail investors, allowing these products to be traded on FCA-approved UK investment exchanges. However, the ban on crypto derivatives for retail remains, and products lack Financial Services Compensation Scheme (“FSCS”) protection.
This policy shift reflects a degree of market maturation, with improved transparency in AML/CTF regimes and increased consumer familiarity with cryptoassets. Nonetheless, firms engaged in cryptoasset activities must comply with financial promotion rules under the FCA Handbook (COBS 4 and the relevant parts of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005), as well as adhere to the Consumer Duty to ensure fair outcomes and informed decision-making for retail clients.
Best Practices for Service Providers
To address these regulatory and operational challenges, and to align with both domestic and international requirements, firms should consider adopting the following best practices:
- Establish strong KYC/AML processes, beneficial-ownership transparency, transaction monitoring, sanctions screening and governance structures.
- Avoid opaque multi-entity or multi-jurisdiction structures. Ensure that Senior Management is fit and proper and that ultimate beneficial owners are identified and disclosed.
- Operate under proper authorisation and avoid relying on exemptions or weak jurisdictions. Firms must also remain up to date on regulatory developments, including the Markets in Crypto-Assets Regulation (“MiCA”) and national regimes.
- When offering crypto-linked investment products (e.g., ETNs), ensure product suitability, clear risk disclosures, proper listing/exchange procedures and consumer-protection measures.
- Maintain proactive engagement with relevant regulators, notify supervisory contacts, share information effectively and monitor for unauthorised activities across jurisdictions.
How Complyport can help
Complyport provides specialist regulatory and compliance support to crypto-asset service providers seeking to align with evolving UK and EU frameworks such as the FCA’s Financial Promotion Rules, MiCA, and AML/CFT obligations. Our services are designed to help firms strengthen governance, ensure transparency and operate confidently under proper authorisation.
Our crypto assets services include:
- Developing and implementing appropriate regulatory policies and procedures;
- Strengthening or developing KYC/AML Frameworks and Governance;
- Compliance support by offering comprehensive regulatory compliance audits, risk assessment services, and tailored guidance on implementing the necessary controls and disclosures;
- Assistance with FCA or MiCA Authorisation Applications; and
- Comprehensive regulatory audits and risk assessments.
Book a meeting with one of our KYC/AML compliance experts to ensure you remain compliant and well-positioned in the evolving UK regulatory landscape.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
