Editorial Analysis · March 2026

Three Reports That Changed Stablecoin Compliance

In March 2026, the FATF published three targeted reports that reshaped the compliance landscape for every stablecoin issuer. This page summarizes each report, what changed from previous guidance, and what compliance teams must do before October 2026.

Report 1 · March 3, 2026

Targeted Report on Stablecoins and Unhosted Wallets

The big picture: For the first time, the FATF explicitly requires stablecoin issuers to embed governance controls — freeze, burn, and deny-list — directly into smart contracts.

  • Key finding — stablecoins account for 84% of illicit virtual asset transaction volume in 2025
  • Primary mandate — Rec 15 now requires code-enforced governance at L3 (smart contract layer), not just policy-enforced controls at L4–L5
  • Unhosted wallets — the report flags P2P transfers via unhosted wallets as the primary regulatory gap
  • What changed — previous guidance was ambiguous on whether governance controls needed to be on-chain. This report makes it explicit: they must be.

→ Explore the Freeze/Burn Simulator to see how each token standard implements these controls

Report 2 · March 11, 2026

Understanding and Mitigating Offshore VASPs

The big picture: The FATF shifts from incorporation-based to activity-based regulation. If you serve customers in a country, that country's rules apply to you.

  • Activity-based approach — where you do business matters more than where you're incorporated
  • Nested services — licensed VASPs must stop providing correspondent services to unregulated offshore entities
  • What changed — previous guidance focused on the entity's registered jurisdiction. This report says operating jurisdictions determine regulatory obligations
  • Impact on Tether — BVI registration with global operations is now explicitly the pattern the FATF wants to end

→ Run the Offshore VASP Screener to assess entity risk

Report 3 · Q1 2026

Recommendation 16 Explanatory Note (Travel Rule)

The big picture: The FATF clarifies Travel Rule implementation details with specific thresholds, timelines, and a new assessment methodology.

  • $1,000 threshold — cross-border transfers at or above this amount require full originator and beneficiary info
  • 3-business-day rule — for domestic transfers, if full info isn't sent with the payment, it must be available within 3 business days on request
  • October 2026 deadline — new assessment methodology takes effect. Countries will be graded on Travel Rule implementation
  • 2030 global deadline — all jurisdictions expected to have full Travel Rule implementation by December 2030
  • Current state — 85 of 117 jurisdictions (73%) have passed or are processing Travel Rule legislation

→ Build and validate IVMS101 messages with the Travel Rule Validator

October 2026 Assessment Deadline

What Compliance Teams Must Do Now

The bottom line: October 2026 is 6 months away. Here's the compliance checklist for every stablecoin issuer.

  • Smart contract audit — verify freeze, burn, and deny-list functions exist and are code-enforced at L3 on every chain where your stablecoin is deployed
  • Travel Rule infrastructure — implement IVMS101 messaging via TRUST, Notabene, or equivalent protocol. Test $1,000 threshold logic.
  • oVASP screening — build an activity-based risk assessment for every counterparty VASP. Screen against Grey List monthly.
  • Nested service review — audit all correspondent relationships. Terminate any that provide pass-through access to unregulated entities.
  • Monitoring upgrade — deploy blockchain analytics (Chainalysis/Elliptic/TRM) for KYT. Ensure P2P pattern detection is active.
  • Documentation — prepare for FATF assessment methodology. Document every compliance mechanism, its enforcement type, and regulatory citation.

Issuer Impact Assessment

What Each Report Means for the Five Issuers

What to know: Each of the five target issuers faces a different compliance profile across the three reports.

  • Coinbase — best positioned. $47M compliance spend, TRUST protocol, AgentKit monitoring. Main gap: cross-chain Travel Rule metadata on Superchain.
  • Circle — strong L3 controls (USDC blacklist). IPO pressure after stock drop on report day. CCTP complicates Travel Rule across chains.
  • Catena Labs — building compliance-native from scratch on Arc. Regulatory view keys address all three reports. Strongest long-term position.
  • Tether — strongest L3 burn function (destroyBlackFunds). But BVI registration is exactly the oVASP pattern FATF targets. TRON dominance creates Travel Rule gap.
  • Paxos — NY-chartered trust company. Strong regulatory position. Institutional focus simplifies compliance. Lower public risk profile.