Scoring the Blockchain

There’s quite nothing like diving into a new subject matter. After reading The Crypto Launderers and TRM Labs' deep dive into Chinese underground finance, I found myself wondering about AML compliance in crypto.

That led me to the Bank for International Settlement’s (BIS) recent bulletin titled: “An approach to anti-money laundering compliance for cryptoassets”, in which the BIS proposes a radical shift: AML compliance scores for crypto assets.

Think of it like a credit score, but for your coins. The idea is to measure how “clean” a token or wallet is based on its transaction history: whether it has touched illicit addresses, passed through mixers, or interacted with sanctioned entities. The more exposure, the lower the score. Coins sourced from regulated exchanges or KYC-verified wallets, on the other hand, boost your rating.

The score gets checked when you try to convert your crypto back into fiat at an exchange or a payment processor. Too low? Denied. It's AML by design.

Wait, isn’t that what Elliptic does already?

Yes and no. The BIS proposal formalizes what blockchain analytics companies such as TRM Labs, Chainalysis and Elliptic are already doing; however, there are some important nuances to consider.

These companies provide private risk-scoring tools, enabling clients to make case-by-case decisions. The BIS, by contrast, envisions a public regulatory framework where compliance scores are embedded directly into law. Jurisdiction-defined thresholds would become mandatory at fiat on/off-ramps, removing discretion from the process.

The BIS outlines a range of enforcement models:

• Strict: Only coins from “allow-listed” wallets (fully KYC’d) can be cashed out.

• Permissive: Only block coins directly linked to known bad actors (“deny-listed”).

• Middle ground: Use weighted scores based on wallet behavior, time held, proximity to risk, and other heuristics.

This opens the door for more nuanced regulation, where not every tainted coin is treated the same, and users have an incentive to seek out clean tokens and avoid shady transfers.

Still, there are challenges.

Chief among them is the risk of “guilt by association”, where users could unknowingly receive tainted tokens and face penalties simply because those assets once passed through illicit addresses. This undermines the fungibility of crypto, effectively creating a two-tier system: "clean" coins that are easily accepted, and "dirty" ones that are harder to off-ramp or use.

Moreover, the approach depends heavily on exchanges and stablecoin issuers, the fiat off-ramps, to enforce compliance. But sophisticated actors already route around these chokepoints using mixers, DeFi, or peer-to-peer networks. Meanwhile, ordinary users may face increased surveillance, reduced privacy, and even be required to prove the “cleanliness” of their funds.

While blockchain analytics firms like Elliptic already offer risk scores to private clients, the BIS model shifts this into the realm of public policy and enforcement, raising questions about fairness, feasibility, and the balance between transparency and individual rights.

Parting thoughts

I'm still digesting it. The BIS proposal offers a promising step toward smarter, more data-driven compliance in the crypto space. By using blockchain’s transparency to assess risk, it creates opportunities for more nuanced regulation that goes beyond blanket bans or outdated controls.

Still, the challenge will be balancing enforcement with fairness, ensuring that compliance doesn’t come at the cost of usability or inclusion. If done thoughtfully, this approach could strengthen trust in crypto without undermining its core strengths.

Thanks for reading.

Source: AML Compliance for cryptoassets