Stablecoins and VASPs: Compliance Considerations and Emerging Risks

Merkle Science
April 24, 2025

Stablecoins are digital assets designed to maintain a stable value by pegging to fiat currencies, commodities, or other assets. Their promise of price stability has made them a cornerstone of the digital asset ecosystem—powering payments, DeFi, and cross-border transactions. 

However, their rising prominence has also drawn regulatory scrutiny, particularly around how they’re issued, backed, and used. Virtual Asset Service Providers (VASPs), which facilitate stablecoin transactions or even issue them, face expanding compliance expectations in response to growing risks. This article will discuss the general compliance obligations of VASPs as they relate to stablecoins, and the additional regulatory considerations specific to stablecoin issuers.

General Compliance Obligations of VASPs That Extend to Stablecoins 

VASPs must meet a suite of regulatory requirements that apply broadly to virtual assets, including stablecoins. Key among these are licensing and registration requirements, which vary by jurisdiction but generally mandate that VASPs demonstrate robust compliance frameworks, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Countering the Financing of Terrorism (CFT) protocols.

Compliance obligations are especially critical in the context of stablecoins, which have seen a surge in usage. In 2024, stablecoin transaction volumes surpassed those of Visa and Mastercard combined, underscoring their growing role in the global financial system.

This scale has not gone unnoticed by bad actors. For example, in December 2024, the TGR Group was sanctioned for laundering funds for Russian elites through a sophisticated sanctions evasion scheme involving both stablecoins and traditional cryptocurrencies. As stablecoins become more integrated into cross-border transactions, their misuse for illicit purposes becomes a growing regulatory concern.

In response, VASPs must do more than conduct initial identity verification—they must follow the Travel Rule and continuously monitor transactions for red flags, such as layering, structuring, or smurfing. When suspicious activity arises, regulators expect timely reporting and escalation to appropriate authorities. Proactive surveillance and real-time analytics via a tool like Merkle Science’s Compass are needed to safeguard against financial crime and remain compliant. 

Compliance Considerations Specific to Stablecoin Issuers 

Stablecoin issuers, and other businesses that deal mainly in stablecoins, may have further obligations to their regulators, such as:

Transparency - The reliability of stablecoin backing has often come into question. A key risk is that some stablecoins are not fully backed, or in extreme cases, not backed at all. In 2022, the U.S. Department of Justice secured a conviction against Randall Crater, founder of My Big Coin Pay Inc., who falsely claimed that his token was backed by $300 million in gold, oil, and other assets. In reality, the tokens had no backing, and Crater misappropriated over $6 million from investors.

Incidents like this highlight the critical importance of transparency in asset backing. Stablecoin issuers must clearly disclose the nature, composition, and valuation of their reserves. Circle, the issuer of USDC—a leading U.S. dollar-pegged stablecoin—exemplifies this practice by publishing detailed monthly reports. As of its latest disclosure, USDC has $60.8 billion in circulation, fully backed by an equal amount in reserves, including cash and short-term U.S. Treasuries. This level of transparency is essential for maintaining user trust and satisfying regulatory expectations.

Auditing - Relying solely on a stablecoin issuer’s self-reported claims about reserves and backing is insufficient. Independent third-party audits are essential to verify that issued tokens are fully backed by appropriate assets. For instance, Tether—the issuer of USDT—undergoes quarterly attestations conducted by BDO Italia, an external accounting firm. These reports detail the composition of Tether’s reserves, including total assets, liabilities, net equity, and a breakdown of reserve holdings.

The scope and frequency of these audits, as well as the required disclosures, are often determined by the relevant regulator. Stablecoin issuers must remain attuned to jurisdiction-specific requirements and ensure that their auditing practices meet evolving regulatory standards.

Redemption - Historically, asset-backed stablecoins have generally maintained their peg, with only minor deviations from their reference currency. In contrast, algorithmic stablecoins have faced significant challenges in ensuring redemption at par value.

The collapse of TerraUSD (UST) is the most notable example. Its algorithmic peg mechanism, designed to maintain a $1 value through a relationship with its sister token LUNA, failed under market pressure. This triggered a death spiral in which both tokens lost nearly all their value, wiping out billions in market capitalization. The incident underscored the inherent fragility of algorithmic models and the critical importance of reliable redemption mechanisms.

Stablecoin issuers must be able to demonstrate that users can consistently redeem their tokens at par value—a foundational requirement for trust and long-term stability.

Technology risks - As the collapse of TerraUSD demonstrated, auditing a stablecoin’s reserves is only part of the equation—algorithmic stablecoins must also undergo rigorous code audits to identify vulnerabilities in their underlying smart contracts.

For example, Frax, which initially launched as an algorithmic stablecoin and has since evolved into an asset-backed model, has subjected its code to regular audits by cybersecurity firms specializing in blockchain technology since 2020. This kind of structured and transparent auditing process is essential for ensuring the integrity of algorithmic mechanisms, which can directly impact a stablecoin’s ability to maintain its peg and redemption reliability.

In addition, when crypto exchanges and DeFi platforms are hacked, stablecoins are often either stolen directly or used as part of broader laundering schemes. In the case of the DeltaPrime hack in September 2024, attackers exploited access to DeltaPrime's admin private keys, enabling them to mint custom tokens in astronomical quantities (1×10^69) and falsely peg them at a 1:1 ratio with USDC and other legitimate tokens.

Incidents like this highlight the critical importance of security not just at the exchange level, but also at the issuer level. Stablecoin issuers must implement robust safeguards around reserve management and storage to ensure their backing assets remain secure and cannot be exploited in coordinated attacks.

Conclusion 

As stablecoins continue to scale in global usage, the compliance burden on VASPs—and especially stablecoin issuers—will only intensify. 

To meet these demands of ensuring transparency, securing reserves, and monitoring for illicit activity, VASPs must adopt tools that go beyond basic blacklists. Merkle Science’s Compass, with its behavior-based rule engine, empowers compliance teams to screen transactions, detect suspicious patterns in real time, and fulfill reporting obligations more effectively.