Authors: Andrea Minto, Anneke Kosse, Takeshi Shirakami and Peter Wierts, BIS

Compiler: Ma Yimeng, FinTech Research Institute

In March 2026, the Bank for International Settlements (BIS) published a working paper titled "From cash to crypto: towards a consistent regulatory approach to illicit payments." The paper discusses the challenges faced by anti-money laundering and counter-terrorist financing (AML/CFT) regulation in the context of the diversification of payment instruments. It proposes a conceptual framework to analyze the risks of regulatory arbitrage arising from differences in the level of intermediary involvement in different payment instruments, referred to as the "waterbed effect."

By examining the regulatory evolution in the European Union, the article points out that achieving regulatory effectiveness requires a balance between general law (lex generalis) and special law (lex specialis). The Institute of Financial Technology at Renmin University of China (WeChat ID: ruc_fintech) has compiled this study.

1. Introduction

With the rapid development of financial technology, we are experiencing a profound transformation in payment methods. From traditional cash and bank deposits to electronic money, to emerging cryptoassets and the increasingly important retail central bank digital currencies (CBDCs), the array of payment instruments available has never been richer.

This diversification fosters competition and financial inclusion on one hand, but brings new risks on the other. Each payment instrument may be exploited by bad actors for money laundering (ML) or terrorist financing (TF), thus undermining the integrity and stability of the financial system.

For a long time, countries' regulatory bodies have addressed these risks through AML/CFT frameworks, requiring obliged entities such as financial institutions to fulfill responsibilities including customer due diligence (CDD), transaction monitoring, and reporting suspicious transactions.

However, regulation does not operate in a vacuum. When new payment instruments emerge, the regulatory framework needs to be continuously adjusted to accommodate them. Yet the inherent differences in design between different payment instruments, particularly their reliance on intermediaries, can lead to inconsistencies in regulatory rules among these instruments.

Such inconsistencies can trigger a "waterbed effect": when regulators tighten controls in one area of payment (such as bank transfers), blocking a loophole, the flow of funds may shift to another area (such as certain cryptocurrencies) where regulation is relatively lax, much like the movement of water when pressure is applied to one side of a waterbed. This behavioral adjustment, whether it is malicious regulatory arbitrage or legitimate user choices driven by privacy concerns, undermines the overall effectiveness of regulation.

Therefore, the core question of this paper is: how do AML/CFT frameworks influence, or even distort, users' choices of payment instruments? The authors aim to explore how to achieve a more consistent and effective regulatory path across different payment instruments by constructing a conceptual framework and using the regulatory practices of the EU as a case study.

2. Conceptual Framework: AML/CFT Measures and Interaction with Payment Instrument Choice

Role of Intermediaries and Regulatory Arbitrage

The core of this paper is a qualitative analytical framework based on the design differences of payment instruments. The core variable of this framework is the degree of intermediary involvement. Based on this variable, the authors categorize payment instruments into two broad categories:

• Intermediary-dependent instruments: Including bank deposits, electronic money, custodial wallet cryptoassets, and online retail central bank digital currencies. These transactions go through one or more regulated intermediaries, which as "obliged entities," perform customer due diligence, monitor transactions, and report suspicious activities to the Financial Intelligence Unit (FIU). Therefore, such instruments are designed to have a higher probability of detecting illicit transactions.

• Non-intermediary-dependent instruments: Including cash, self-custodial wallet cryptoassets, and offline retail central bank digital currencies. In these transactions, no intermediary is authorized or able to assume the role of "gatekeeper." Transaction information is primarily confined to between the payer and the payee. Therefore, theoretically, the design of these instruments leads to a lower detection probability.

Based on this, the model derives the first key hypothesis: malicious actors will choose payment instruments with the lowest expected detection probabilities to maximize their anticipated net benefits from illegal activities. Among non-intermediary-dependent instruments, cash, while having the highest anonymity, is limited in practicality for large and remote transactions due to its physical form.

Self-custodial wallets may thus become a more attractive alternative, as they combine high anonymity with digital convenience. While offline central bank digital currency also leaves electronic traces, if designed without intermediary involvement, its risks are also higher than those associated with intermediary-dependent instruments.

Waterbed Effect and Regulatory Response

The second key part of the framework describes the dynamic game between behavioral adjustments and regulatory responses. When regulators strengthen regulation of a certain class of instruments, for example by imposing strict monitoring on bank deposits, it raises their "cost of use" (which for malicious actors equates to detection risk).

According to the "waterbed effect," illicit activities will shift to other payment instruments with weaker regulation and lower detection probabilities (like self-custodial wallets). Such arbitrage behavior undermines overall regulatory effectiveness, necessitating intervention by regulators. The usual form of intervention is to further expand the regulatory scope, bringing new, uncovered payment instruments into the framework, thus triggering a new round of behavioral adjustments.

This dynamic cycle explains why AML/CFT frameworks are always evolving and "catching up" with technological innovations. This effect exists not only between different payment instruments but may also occur between different jurisdictions, resulting in geographical regulatory arbitrage.

Side Effects for Legitimate Users: Privacy and Freedom of Choice

The third part of the framework considers the side effects of regulation on legitimate users. While AML/CFT measures are necessary for combating crime, they inevitably infringe upon users' informational privacy.

Transaction monitoring and data sharing mean that some personal information of users is held by third parties (intermediaries, regulatory agencies). This trade-off between privacy and financial integrity is an unavoidable core contradiction in regulatory design. Even when acting entirely for legitimate purposes, some users may opt for payment instruments that offer higher privacy protection due to concerns about data security or a value orientation that views payments as a private matter.

Thus, legitimate users and malicious actors may converge in their behavior: both may prefer non-intermediary-dependent tools. However, the reasons are markedly different: malicious actors seek to evade regulation, while legitimate users aim to maintain privacy and personal freedom. This adds complexity to policy-making, as simply tightening regulation to close loopholes may overly sacrifice the freedoms of ordinary citizens.

3. Legal Analysis: Taking the European Union as an Example

The European Union has continuously evolved its AML and CFT framework since 1991, initially focusing on banks and other financial institutions, gradually expanding to include accountants, lawyers, real estate agents, and eventually incorporating crypto-asset service providers (CASPs) in the reforms of 2018 and 2024. This evolutionary process clearly demonstrates the framework's ongoing adaptation to new risks. However, case studies also reveal that inconsistencies still exist in the current framework, potentially triggering the "waterbed effect."

• Cash: The EU has introduced a cash transaction limit of €10,000, directing large transactions towards instruments with intermediary involvement.

• Self-custodial wallets: For these non-intermediary tools, regulation primarily relies on their “touch points” with intermediaries (such as when converting cryptoassets to fiat) for monitoring. However, no transaction or holding limits similar to cash have been established.

• Offline digital euro: In the European Commission's proposal for the digital euro, offline transactions are designed to occur without intermediary involvement to provide cash-like privacy experiences. To balance risks, the proposal authorizes the European Commission to set limits for such transactions, though these have yet to be finalized.

4. Constructing a Unified AML/CFT Regulatory Path: Conclusions and Recommendations

Based on the above analysis, the paper presents a core policy recommendation: adopt a regulatory model that combines "general law" and "special law" to achieve a regulatory effect that is both consistent and flexible.

• General Law (Lex Generalis): Refers to the unified and universal principles and core requirements that should apply to all payment instruments with similar characteristics. Specifically, for all intermediary-involved payment instruments (bank deposits, electronic money, online central bank digital currencies, custodial wallets), a uniform regulatory "baseline" should be established. This means that all such intermediaries should bear the same basic responsibilities: conducting customer due diligence, monitoring transactions, maintaining records, and reporting suspicious transactions. Additionally, the privacy and data protection standards applicable to these intermediaries should be as uniform as possible to ensure consistency in the trade-off between privacy and integrity across the industry.

• Special Law (Lex Specialis): Refers to supplementary and targeted rules formulated specifically for the unique design or functionality of certain payment instruments based on general law. For example:

For cash, its physical characteristics make direct application of general law difficult, hence special law is necessary, such as the €10,000 transaction limit, to serve as a supplement.

For offline central bank digital currencies, since their design deliberately excludes intermediaries to provide a cash-like experience, special law is also needed to manage their risks, such as by setting transaction and holding limits.

For self-custodial wallets, there is also a need for special laws to address the unique challenges they pose. This may include further strengthening the regulation of "touch points" with intermediaries or exploring technological compliance (for example, by setting limits at the protocol level), as well as enhancing responsibility requirements for wallet service providers (even if they do not directly hold assets).

For non-intermediary-dependent payment tools, regulators need to move beyond the traditional model of "intermediary accountability" and explore a more diverse array of regulatory tools. This may include:

• Utilizing touch points: Strengthening monitoring of all channels through which illicit funds enter or exit non-intermediary domains.

• Setting transaction limits: As done for cash and offline central bank digital currencies, and using this as a universal risk management tool. For self-custodial wallets, while enforcing such limits poses technical challenges, it is not impossible and is a direction worth exploring in the future.

• Enhancing issuer responsibilities: Requiring issuers of payment instruments (such as the cash issuance departments of central banks, stablecoin issuers) to bear more AML/CFT responsibilities, such as taking more proactive measures (like halting the issuance of high-denomination banknotes, freezing suspicious addresses, etc.) to maintain the integrity of their issued instruments.

• Increasing the costs of violations: Setting stricter penalties for individuals or entities using non-intermediary payment tools in professional activities.

Finally, the article emphasizes that a truly effective AML/CFT framework must possess foresight and adaptability. In the future, more innovative payment instruments that we cannot foresee today will undoubtedly emerge. By developing a framework based on "general law" principles and broadly defining "payment instruments," future innovations can be automatically incorporated into the regulatory perspective, thereby breaking the passive cycle of "innovation-regulation-renewed innovation-renewed regulation," and guiding financial innovations toward directions more beneficial to social welfare.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。