Same crimes, new rails: Risk intelligence in the new US payments landscape

In Q1 2026 alone, $271 billion moved over FedNow rails, a 10% increase quarter on quarter. Stablecoin transaction volumes have climbed from $9.8 trillion to $13.3 trillion in adjusted volume in the space of months. And Interpol now estimates the global cost of fraud at $442 billion a year, more than drug trafficking and human trafficking combined.

For compliance leaders, the question is no longer whether payments innovation is reshaping the financial crime risk landscape. It is whether existing frameworks, data architecture, and team expertise can keep pace with money that now moves at the speed of code.

In a panel discussion as part of our North American Future of Compliance summit, Denisse Rudich (Rudich Advisory) and Brandi Reynolds (World Liberty Financial) joined our Global Head of FCC Strategy, Andrew Davies, to map the forces reshaping US payments and what they demand of compliance teams.

Stablecoins are an evolution, not a revolution

Stablecoin volumes have grown sharply enough to justify the headlines, but the panel’s clearest argument was that the underlying compliance challenge has not changed in kind, only in tempo. Value still moves from sender to receiver. The risk typologies, from sanctions evasion to fraud proceeds to terrorist financing, are recognizable. What has changed is the speed, the rail, and the asset class.

“I see this as an evolution in how compliance leaders must think about money movement. We’re still transferring value. It’s just happening at a much faster rate, using a different asset class and a different value transfer rail.”

Denisse Rudich, Founder & Executive Director, Rudich Advisory

That framing matters because it sets the right expectation for technology investment. Compliance teams that treat stablecoins as a wholly new category often end up building parallel programs with parallel governance, parallel data, and parallel blind spots. The more productive approach is to extend a unified compliance framework, with integrated blockchain analytics and AI capabilities, across the new rails rather than alongside them.

The market is also less monolithic than headlines suggest. Algorithmic, fiat-backed, central bank-issued, and commodity-backed stablecoins all share the same label but carry materially different risk profiles. A regulated US dollar-backed stablecoin is a different exposure from a gold-backed token tied to one of the most volatile and trafficked commodities on the planet. Compliance programs need to differentiate.

Where the risk profile genuinely shifts

The panel was direct that stablecoins are now the dominant rail for illicit crypto activity. Industry analysis from leading blockchain monitoring providers estimates that stablecoins accounted for around 84% of illicit cryptocurrency transaction volume in 2025. The reasons are not exotic. They are speed, irreversibility, pseudo-anonymity, and cross-chain layering, which make provenance harder to establish.

Four shifts in the risk profile that compliance teams should treat as live design constraints:

• Speed and irreversibility raise the fraud impact: Once a stablecoin transaction settles, there is no recovery mechanism. Detection has to happen before the transfer, not after.
• Pseudo-anonymity complicates identification: Self-hosted wallet activity puts pressure on identity assurance, including emerging approaches like GPS-based proof of address built into smart contracts.
• Cross-chain layering complicates monitoring: Value can move across multiple wallets and chains within minutes. The analytic burden is well beyond what legacy transaction monitoring was built for.
• Onboarding gaps between fiat and crypto remain the weakest link: Market makers and decentralized finance (DeFi) participants need touchpoints into the traditional system, and those touchpoints are where compliance gaps tend to sit.

Watch The Future of Compliance North America on-demand

Access every session from our North American compliance summit, covering this year’s theme: Unlocking opportunity through intelligent design.

Watch now

Friction is not the enemy of growth

Open banking and instant payment rails like FedNow have delivered exactly what users asked for: payments that complete instantly, anywhere, anytime. They have also handed authorized push payment (APP) fraudsters one of the most useful tools in their kit. The UK’s experience with APP fraud was urgent enough to warrant a national fraud strategy. The US is now contending with NACHA’s expanded obligations on receiving depository financial institutions (RDFIs) to monitor for fraud signals before crediting accounts.

“I always refer to that opening of A Tale of Two Cities. It’s the best of times, it’s the worst of times. Real-time payments, we love them. But of course, they also expose you to more potential risk.”

Andrew Davies, Global Head of FCC Strategy, ComplyAdvantage

The instinct in some product organizations is to treat any friction as an enemy of growth. The panel pushed back firmly on that framing.

“Some amount of user friction can actually help the customer journey in the long run, because you have those opportunities to ensure that a transaction is legitimate.”

Brandi Reynolds, Chief Compliance Officer, World Liberty Financial

The same logic applies to data. More data does not automatically equal better risk management. The expectation that comes with collecting a new data source, whether transaction telemetry, blockchain analytics, or device intelligence, is that the institution will act on what the data reveals. Collecting it without the ability to interpret and respond is a regulatory red flag, not a control.

The fastest-emerging gap the panel identified is not technical at all. It is the gap between the systems compliance teams now have to oversee and the technical fluency they have built up to do that oversight. Stablecoin mechanics, agentic AI, smart contracts, programmable finance, and at the edge, quantum-resistant cryptography are all becoming part of the supervised perimeter.

The expectation is not that every Money Laundering Reporting Officer (MLRO) becomes an engineer. It is that compliance leaders can interrogate the systems they are accountable for. In practice that means:

• Understanding how data flows between onboarding, monitoring, and reporting systems, and where the integration points create risk.
• Reading the outputs of AI and large language model (LLM) based monitoring well enough to distinguish a calibration issue from a model failure.
• Knowing the difference between a USD-backed, an algorithmic, and a commodity-backed stablecoin, and what each one means for the risk register.
• Anticipating the next shift, including agentic commerce, where the question of “know your customer” extends to “know your agent.”

Regulators are themselves upskilling. The compliance functions that build this literacy will be the ones whose exam interactions move from defense to dialogue.

The compliance shift behind the payments shift

The payments landscape will continue to move faster than most compliance frameworks were originally designed to support. Our State of Financial Crime 2026 survey found that 61% of firms are prioritizing real-time capabilities in their technology investments, an acknowledgement that the shift is already underway. The instinctive response to that pressure is to ask for more tools. The panel’s response was sharper: ask for the right tools, and equip the right people to use them.

For compliance leaders mapping the next 12 to 24 months, three priorities follow from the discussion:

1. Treat compliance as a design partner, not a final approval step, on every new payment product. Stablecoin integrations, agentic payment flows, and open banking partnerships are far easier to get right early than to remediate late.
2. Invest in unified risk intelligence across rails. Real-time payments, blockchain analytics, and traditional transaction monitoring should feed a single view of customer and counterparty risk, not three parallel ones.
3. Build the literacy that lets the team explain its decisions. The shift from “we monitor for X” to “we can show how and why we acted” is the regulatory direction of travel, and it is also the basis for the team’s credibility internally.

The technology to do all of this exists. The question is whether compliance functions will lead the conversation about how to apply it, or react to it after the fact.