Crypto AML

June 19, 2026

9 min read

FATF vs. FinCEN: What US Crypto Teams Need to Know

Ian Hart

Introduction

If you work in US crypto compliance, you will hear two names again and again: FATF and FinCEN. Both matter in anti-money laundering and counter-terrorist financing work. Both influence how crypto businesses build controls. Yet many people still mix them up.

The simplest way to understand the difference is this: FATF is the global standard-setter, while FinCEN is the US regulator that applies and enforces relevant AML obligations. FATF tells countries what strong AML/CFT frameworks should look like. FinCEN turns relevant US legal requirements into practical expectations that in-scope businesses must follow.

For a US crypto exchange, broker, custodial wallet provider or other virtual asset business, knowing the difference is not just academic. It helps you understand why the rules exist, how global standards become local obligations and what future regulatory changes may look like.

What is FATF?

FATF stands for the Financial Action Task Force. It is an inter-governmental body that sets international standards for fighting money laundering, terrorist financing and other financial crime risks. FATF is not a law enforcement agency and it does not usually regulate businesses directly. Instead, it issues Recommendations and guidance that countries are expected to implement through their own legal and supervisory systems.

For crypto teams, FATF is especially important because of its work on virtual assets and Virtual Asset Service Providers, or VASPs. Its Recommendation 15 and related guidance make it clear that virtual asset activity should not sit outside AML/CFT controls. FATF expects countries to regulate VASPs, assess risk, require licensing or registration where appropriate, and apply controls such as customer due diligence, record keeping, suspicious transaction reporting and the Travel Rule.

In short, FATF creates the global direction. Countries then decide how to apply it.

What is FinCEN?

FinCEN stands for the Financial Crimes Enforcement Network. It is a bureau of the US Department of the Treasury. Its mission is to safeguard the financial system from illicit activity, counter money laundering and terrorist financing, and support national security through financial intelligence.

For US crypto businesses, FinCEN is much more direct than FATF. FinCEN administers and enforces important rules under the Bank Secrecy Act framework. Depending on the business model, a crypto business may need to register as a Money Services Business, implement an AML programme, keep records, file Suspicious Activity Reports and meet other compliance duties.

In short, FATF influences the framework, but FinCEN influences your daily workflow.

FATF vs FinCEN: the core difference

The easiest way to separate the two is by asking three questions: who are they, what do they produce, and who do they directly affect?

FATF is an international standard-setting body. Its main outputs are Recommendations, guidance papers and public statements, including its high-risk and increased-monitoring jurisdiction updates. FATF mainly affects countries, regulators and policymakers, although its standards indirectly shape private-sector compliance expectations.

FinCEN is a US government bureau. Its main outputs are regulations, guidance, advisories, filing expectations and enforcement-related expectations within the scope of its legal authorities. FinCEN directly affects businesses operating in the United States that fall within its remit.

That is why FATF is often described as the global rule-maker and FinCEN as the US rule-applier or enforcer.

Feature	FATF	FinCEN
Type of body	Inter-governmental standard-setter	US Treasury bureau
Role	Issues Recommendations and guidance	Applies and enforces US AML/CFT obligations
Scope	Global	United States
Output	Recommendations, guidance, public statements	Regulations, guidance, compliance expectations
Direct impact	Shapes countries and global standards	Directly affects in-scope US businesses

How FATF and FinCEN work together

FATF and FinCEN are closely linked even though they are not the same institution. FATF issues international standards. The United States, as a FATF member, takes those standards seriously. US policymakers and regulators then decide how to implement them through law, regulation, guidance and supervision. FinCEN plays a central role in that process for AML/CFT matters within its authority.

A good example is crypto regulation. FATF says countries should regulate VASPs and apply AML/CFT measures. FinCEN then clarifies how relevant US businesses should register, what records they should keep, when suspicious activity should be reported, and how AML controls should operate in practice.

This is why compliance teams should not see FATF and FinCEN as competing bodies. They are part of the same chain.

Why US crypto teams need to know both

Many US compliance professionals focus only on FinCEN because that is the immediate regulator they deal with. That is understandable, but it can be limiting. Understanding FATF gives teams useful strategic context.

First, FATF helps you understand the why behind the rules. If your team has to gather customer information, apply enhanced due diligence or support Travel Rule compliance, FATF explains the global objective behind those obligations.

Second, FATF helps you anticipate change. When FATF pays more attention to a topic such as DeFi, stablecoins or cross-border information sharing, there is a good chance regulators around the world will also look more closely at it.

Third, FATF matters for international business. Even if your company is based in the US, it may send or receive crypto involving customers, counterparties or VASPs in other jurisdictions. FATF standards help you evaluate whether those jurisdictions have stronger or weaker AML/CFT frameworks.

Travel Rule example: where global and US rules meet

The Travel Rule is one of the best examples of how FATF and FinCEN work together. FATF treats originator and beneficiary information sharing as a core AML/CFT expectation when value moves between regulated entities. For virtual assets, this has become a major operational issue because transfers can move quickly across borders and between different providers.

For a US crypto business, the practical question is not just what FATF says. It is also what your US obligations require and how your team can build a workable process. That means identifying in-scope transfers, collecting the right information, transmitting it securely where required, handling exceptions and keeping evidence.

If FATF updates its approach or highlights implementation gaps, US teams should pay attention because it may signal future changes in the operating environment.

Why the FATF grey list still matters to US firms

Even though US businesses follow US law, FATF country assessments still matter. FATF publishes updates on jurisdictions under increased monitoring and on high-risk jurisdictions subject to a call for action. These lists influence geographic risk analysis.

If a customer lives in a grey-listed jurisdiction, or if funds are being sent to or from a VASP in such a country, your team may need to apply enhanced due diligence, review source of funds more carefully, assess counterparties more closely and document decisions in greater detail.

This does not mean every transaction connected to a grey-listed country is suspicious. It does mean the risk profile is higher and your controls should reflect that.

Common mistakes teams make

A common mistake is treating FATF and FinCEN as interchangeable names. They are connected, but they are not the same. Another mistake is assuming FATF has no practical value because it is not your direct regulator. In reality, FATF can help your team understand regulatory direction and cross-border risk.

Some businesses also over-focus on registration and forget that registration is only the starting point. Strong compliance depends on how the AML programme works in real life. That means ongoing monitoring, proper record keeping, timely escalation, good training and clear decision-making.

Weak documentation is another problem. If a team decides to accept a higher-risk customer, process a sensitive transfer or close an alert with no further action, the reasoning should be clear.

Practical checklist for US crypto compliance teams

Use this quick checklist to test your understanding and your control framework:

· Can your team explain the difference between FATF guidance and FinCEN obligations?

· Do you know whether your business activities trigger MSB or other US compliance duties?

· Do you have an AML programme that matches your products, customers and geographic exposure?

· Do you apply customer due diligence and enhanced due diligence in a risk-based way?

· Do you monitor wallet and transaction risk, including cross-border exposure?

· Do you have a clear SAR escalation process?

· Do you review FATF grey-list developments when updating country risk?

· Does your Travel Rule workflow work in practice, not just on paper?

If the answer to any of these questions is unclear, that is a sign your framework may need more work.

Conclusion

FATF and FinCEN play different but complementary roles in US crypto compliance. FATF sets the international standards. FinCEN operates within the US legal system and helps turn AML/CFT expectations into practical obligations for relevant businesses.

For US crypto teams, FinCEN is the immediate compliance reality. But FATF is still essential because it explains the policy logic behind the rules, shapes future developments and helps teams assess international risk. The strongest compliance programmes understand both.

If you want your team to move beyond memorising acronyms and build practical confidence, training on FATF standards, VASPs, Travel Rule controls and US AML expectations can make a real difference.

Build Practical FATF Knowledge for US Crypto Teams

FAQs

What is the main difference between FATF and FinCEN? FATF is a global standard-setter, while FinCEN is a US Treasury bureau that applies and enforces AML/CFT obligations within its legal remit.

Does FATF make laws? No. FATF issues Recommendations and guidance. Countries are expected to implement relevant standards through their own laws and regulations.

Do US crypto teams follow FATF directly? US crypto teams primarily follow applicable US rules and regulatory expectations. However, FATF still matters because it shapes the global standards behind many of those rules.

Why does the FATF grey list matter to a US business? It helps identify higher geographic risk. Transactions involving grey-listed jurisdictions may need enhanced due diligence, stronger documentation and closer monitoring.