Why has the traditional regulatory system become a joke on blockchain?
TechFlow Selected TechFlow Selected
Why has the traditional regulatory system become a joke on blockchain?
The state of crypto regulation in 2025: an expensive game everyone knows is a joke, yet all must continue performing.
Navigating Web3 tides with focused insightsBy: Bobo Bobo
Bobo recently read a briefing paper newly released by the Bank for International Settlements (BIS)—"Anti-Money Laundering Compliance Framework for Crypto Assets" [1]. As the central bank for central banks worldwide, every BIS report becomes a bellwether for financial regulation across nations. So when I saw the title, my first thought was: Finally, has someone figured out a clever way to regulate cryptocurrencies?
Yet after reading through the entire paper, I realized it isn't a practical solution at all—rather, in my view, it reads more like a dignified surrender letter.
BIS uses academic language to politely acknowledge a harsh truth: traditional finance's KYC/AML framework has completely failed in the face of decentralized crypto ecosystems.
What "innovative" solutions do they propose?
Scoring wallets, encouraging users to verify compliance on their own, and enforcing final checks at on/off ramps.
It’s like a martial arts master who spent his life mastering the "Eighteen Dragon-Subduing Palms," only to realize his opponent arrived in a tank—and so he suggests putting up a sign at the city gate: "Tanks Not Allowed."
Leaving aside how high the implementation and coordination costs of scoring might be, even if deployed, what happens when someone dumps tainted funds into a high-score wallet?
Encouraging users to check each other is akin to requiring you to investigate whether a dollar bill you're receiving was previously used to buy drugs. Theoretically possible, practically absurd.
KYC/AML at on/off ramps may be the last shred of dignity left for traditional institutions—at least there, identity and fund origins can still be verified.
Why do we say traditional regulatory frameworks have almost entirely failed on-chain? Let us now examine one particularly absurd regulation that regulators around the world continue to push forward—the Travel Rule.
Travel Rule: A Farce from Traditional Finance to the Crypto World
To understand the absurdity of the Travel Rule, we must first trace its origins.
In 1996, during the dial-up internet era, the U.S. Financial Crimes Enforcement Network (FinCEN) first introduced the Travel Rule as part of the Bank Secrecy Act. The requirement was simple: when banks processed wire transfers exceeding $3,000, they had to pass the sender’s information to the next financial institution.
This worked well within the traditional banking system—why?
Because banks are centralized, possess full customer data, and use standardized messaging systems like SWIFT. ICBC knows everything about Zhang San; CCB knows everything about Li Si. Exchanging information during transfers happens naturally.
But in 2019, the Financial Action Task Force (FATF) made a game-changing decision: extend the Travel Rule to cryptocurrencies.
What kind of organization is FATF? Established in 1989 as an intergovernmental body originally focused on combating drug-related money laundering. Its "40 Recommendations" are considered the global gold standard for anti-money laundering. When FATF speaks, the world’s regulators listen.
On June 21, 2019, FATF adopted Interpretive Note 15 (INR.15) to Recommendation 15, extending Recommendation 16—the Travel Rule, originally applicable to wire transfers by traditional financial institutions—to the virtual asset domain. It requires Virtual Asset Service Providers (VASPs) processing transactions above $1,000/EUR 1,000 to collect and transmit identity information of both sender and receiver, including:
-
Name
-
Account number (wallet address)
-
Geolocation or ID number
-
If required, additional details
Their logic: since the Travel Rule worked for over two decades in traditional finance, it should work in crypto too.
The flaw in this logic: they fundamentally misunderstand how blockchains operate.
The Global Chaos of Travel Rule Implementation
Let’s look at the current state of Travel Rule enforcement. According to FATF’s June 2025 report, 99 jurisdictions claim to have passed or are in the process of passing Travel Rule legislation. Sounds impressive, right?
But the devil is in the details. 75% of jurisdictions remain only partially compliant or non-compliant [2], a figure unchanged from April 2023—75% of 73 countries, zero progress.
Why? Because each country is implementing its own version.
The U.S. sticks with its 1996 rule: $3,000 threshold. But FATF recommends $1,000—creating the first split.
Singapore was among the earliest adopters, implementing it on January 28, 2020, with a threshold of SGD 1,500. South Korea implemented it on March 25, 2022, at KRW 1 million (~$821). Japan says no threshold—all transactions, regardless of size, must comply.
The EU goes further: delayed enforcement until December 30, 2024, under the Funds Transfer Regulation (TFR), then declares: no threshold—Travel Rule applies even to 1 euro cent.
The result? A $1,500 transfer from the U.S. to the EU: the U.S. says Travel Rule doesn’t apply; the EU says it does. Both are “compliant,” yet the transaction stalls.
And it gets worse. Israel implemented Travel Rule in 2021 with zero threshold, but almost no other country connects with it. Canada also has zero threshold, but its rules are incompatible with others.
What’s the outcome of this fragmented approach?
According to Notabene’s 2024 industry survey [3], despite improvement from the previous year (down from 52% to 29%), 29% of VASPs still indiscriminately send Travel Rule information to all counterparties without any due diligence assessment.
This “spray-and-pray” approach reflects an awkward reality: most VASPs are merely going through the motions, since there’s no way to verify whether counterparties actually use the data or are truly compliant.
DeFi: The Blind Spot of Travel Rule
While regulators are still wrestling with Travel Rule on centralized exchanges, DeFi has completely bypassed the issue.
The premise of Travel Rule is the existence of a VASP (intermediary) to enforce it.
If I use MetaMask to swap tokens directly on Uniswap, then:
-
Is MetaMask a VASP? It’s just a browser extension.
-
Is Uniswap a VASP? It’s just a piece of code.
-
Are Ethereum miners VASPs? They merely validate transactions.
When two parties transact peer-to-peer directly, there’s simply no intermediary to enforce Travel Rule.
It’s as absurd as asking air to enforce the law.
Who exactly is supposed to enforce Travel Rule? Should code be required to provide KYC information?
FATF’s response: developers of DeFi protocols should be considered VASPs.
The absurdity here equals saying the inventors of TCP/IP protocol should be held responsible for all internet crimes. Vitalik Buterin created Ethereum—so should he be liable for every illegal transaction on it? If Satoshi Nakamoto were alive, would he deserve a life sentence?
Criminals’ Response: The Art of Smurfing
How do real criminals view the Travel Rule? Probably as a comedy show.
Criminals use traditional Smurfing ("Blue Smurf" tactics) to evade Travel Rule [4], breaking large transactions into small ones. Need to move $18,000? Split it into 20 transactions of $900 each, sent from different wallets at different times. Each stays below the threshold—Travel Rule doesn’t apply.
North Korean hackers stole $1.46 billion from ByBit this year—the largest crypto heist in history. Did they follow Travel Rule? Of course not.
In 2024, the amount of cryptocurrency used in illicit activities reached tens of billions of dollars. Not a single one of these criminals was caught because of Travel Rule.
Another consequence of Travel Rule is intensified regulatory arbitrage—every time regulations tighten, it’s like squeezing toothpaste: squeeze here, it pops out elsewhere.
Compliance Cost: An Expensive Performance
Travel Rule brings not solutions, but astronomical compliance bills.
Estimates suggest that implementation costs for a mid-sized exchange include:
-
Technology solution procurement: annual fee of $100k–$500k
-
System integration and upgrades: one-time cost of $500k–$2M (requires overhauling entire trading systems)
-
Compliance team expansion: annual salary cost of $200k–$1M (requires dedicated Travel Rule compliance officers)
-
Legal consulting fees: annual fee of $100k–$500k (different rules per jurisdiction require local legal support)
-
Audits and reporting: annual fee of $50k–$200k
These are only the visible costs. What about the invisible ones?
These high compliance costs are accelerating market concentration. Large players naturally support Travel Rule—they can afford compliance; competitors cannot. This isn’t regulation—it’s market cleansing via compliance cost.
What’s the biggest hidden cost? The death of innovation.
Startups now must prioritize not technological breakthroughs, but:
-
Does this comply with Travel Rule?
-
Can we afford compliance costs?
-
What if we’re classified as a VASP?
The result: innovation either migrates to jurisdictions with looser regulations, or is abandoned altogether. We’re using 19th-century thinking to kill 21st-century innovation.
This is the truth of Travel Rule: spending vast sums to build a useless system that solves nothing except increasing costs, reducing efficiency, and killing innovation. Ordinary users end up paying for this regulatory farce—endless forms, endless waiting, endless fees.
The Cast of the Regulatory Theater
Current crypto regulation is a carefully choreographed drama, with every player following their script:
Regulators: “Look, we’re enforcing Travel Rule! We’re protecting investors!” (They know it’s ineffective, but need political achievements)
Large institutions: “We are fully compliant!” (Just going through the motions—asking, “Is this your wallet?”)
Smaller institutions: “We’re working hard to comply!” (Secretly planning to relocate to friendlier jurisdictions)
Users: “I’m cooperating with Travel Rule!” (Already learned how to bypass it)
Criminals: “Travel what Rule?” (Carry on as usual)
Face Reality, But Don’t Stop Thinking
By now, you might ask: So what should we do?
First, clarify: this article isn’t criticizing regulation itself, but highlighting the current reality. The intent behind regulation is good—preventing money laundering, protecting investors, maintaining financial stability. These goals are unquestionable and necessary.
What we criticize is using the wrong tools to achieve the right goals—like using a hammer to turn a screw. No matter how hard you try, the tool is wrong.
We must accept a fact: in a decentralized world, traditional regulatory tools have failed. This isn’t a technical issue, but a paradigm shift. You can’t manage cars with horse-drawn carriage rules; you can’t regulate DeFi with bank regulations.
But this doesn’t mean abandoning all regulatory efforts. On the contrary, we need new ways of thinking. Good regulation should resemble traffic laws—not preventing people from driving, but making roads safer.
Perhaps instead of a global uniform standard, we need healthy competition among jurisdictions. Regulatory innovation and technological innovation should advance together, not oppose each other.
This requires powerful on-chain data analysis capabilities. Companies like Chainalysis have already shown that suspicious transactions can be effectively identified through behavioral analysis—without needing everyone’s ID numbers. In a future where regulatory frameworks become clearer, compliance infrastructure will become key infrastructure for the crypto industry.
We shouldn’t call for anarchism, but for smarter governance. Regulators and practitioners should sit down for honest dialogue, understand each other’s concerns, and jointly explore regulatory paths suited to the characteristics of new technologies.
After all, the real enemy isn’t regulation, nor is it cryptocurrency—it’s those exploiting technological loopholes for criminal purposes. On this point, regulators and practitioners share the same goal.
Final Thoughts
Back to that BIS report mentioned at the beginning.
On the surface, it proposes solutions. In reality, it documents the end of an era—the irreversible erosion of traditional financial order’s authority over crypto assets.
This is the state of crypto regulation in 2025: an expensive game that all participants know is a joke, yet everyone keeps performing.
The Travel Rule, originating in 1996 as a bank wire transfer rule, was forcibly transplanted into the crypto world in 2019. This process itself exemplifies regulatory inertia—pouring new wine into old bottles, applying carriage-era traffic rules to highways.
As Hayek said: “The road to hell is paved with good intentions.” Today’s crypto regulation may well be such a road. The intentions are noble—prevent money laundering, protect investors, maintain financial stability. But the outcome is increased friction, stifled innovation, and pushing activity underground.
The Pandora’s box has been opened. The decentralized genie won’t go back into the bottle.
Rather than continuing this doomed war, we should think about finding balance in the new world. That demands not stricter rules, but entirely new wisdom.
And clearly, such wisdom won’t come from regulators still managing 21st-century technology with 20th-century thinking.
The future isn’t somewhere we’re going—it’s something we’re creating.
Let’s just hope that when history looks back on this era, it won’t record it as: humanity once had the chance to build a more open, transparent, and efficient financial system, but ultimately had it ruined by bureaucrats who didn’t understand technology.
That would be an even greater joke than any regulatory failure.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@wzxznl
