Pete Balint of SolomonEdwards Comments on How Fintechs Can Establish Proper Crypto Governance Frameworks

Pete Balint, Partner at Financial Crimes Advisory at SolomonEdwards, has recently shared key insights with CI.

As now widely reported, the 2025 GENIUS Act is reshaping how digital assets are regulated in the U.S.

With new AML requirements, stablecoin issuers are now classified as financial institutions. With mandatory third-party audits, financial institutions can no longer afford to treat crypto as a wait-and-see initiative.

In a commentary shared with CI, Pete Balint has aimed to address what banks and fintechs need to do to stand up successful crypto governance frameworks.

Our conversation with Pete Balint is shared below.

Crowdfund Insider: The GENIUS Act brings crypto—and stablecoins in particular—squarely into the regulatory fold. What kinds of internal controls will financial institutions need to have in place on day one?

Pete Balint: With the GENIUS Act bringing stablecoins under clearer regulatory oversight, financial institutions must prepare with strong internal controls from day one. At the core of this will be a robust risk assessment framework tailored specifically to stablecoin activity. That means evaluating transaction volumes, customer types, and geographic exposure to determine where money laundering risks may arise.

Customer due diligence (CDD) protocols, including comprehensive know your customer (KYC) checks, will be essential to verify user identities and understand their activity. For higher-risk scenarios—such as large transfers, dealings with politically exposed persons (PEPs), or transactions involving high-risk jurisdictions—enhanced due diligence (EDD) will need to be applied.

On the monitoring side, institutions must have systems in place to detect and flag suspicious patterns in stablecoin transactions. And when concerns arise, they’ll need formalized procedures to report that activity to FinCEN through suspicious activity reports (SARs).

Additionally, independent audits will play a critical role in ensuring the effectiveness of the BSA/AML program, helping uncover potential gaps. Finally, engaging the board and senior management will be key to adapting to evolving crypto regulations.

Crowdfund Insider: What are some early warning signs that an institution’s AML program isn’t ready for GENIUS-level scrutiny?

Pete Balint: There are a few key warning signs that an institution’s AML program may not be ready for the level of scrutiny the GENIUS Act demands. One major red flag is when management seems unaware of—or worse, dismissive about—the compliance risks tied to banking cryptocurrency. Leadership may even deliberately ignore red flags in certain cases, in favor of chasing short-term profits, which can be a dangerous signal.

Another indicator is a lack of robust AML and KYC training across the organization. Employees must be able to recognize suspicious crypto activity and understand the institution’s crypto-related policies. Failing to educate staff on how money laundering works in the context of digital assets is a critical gap.

Finally, transaction-monitoring systems not calibrated for crypto-specific activity pose a serious risk. Poorly tuned systems may miss genuine threats or overwhelm compliance teams with false positives, undermining the effectiveness of the AML effort.

Crowdfund Insider: How should institutions rethink their approach to transaction monitoring when applying it to blockchain-based payments versus traditional fiat flows?

Pete Balint: Rethinking transaction monitoring for blockchain-based payments versus traditional fiat flows requires a fundamental shift in methodology, tools, and mindset. Here are some of the key differences to consider:

Traditional Fiat Monitoring:

    • Rule-based systems flag activity like large transactions, transfers to high-risk geographies, or unusual account behavior.
    • Heavy reliance on static thresholds and alerts.
    • Monitoring is based on internal records, SWIFT messages, and KYC data.
    • Suspicious activity detection relies on contextual knowledge.

Blockchain-Based Monitoring:

    • Should incorporate heuristics, behavior-based typologies, and smart contract interaction patterns.
    • Watch for mixer usage, rapid multi-hop transfers, DeFi protocol abuse, and known malicious address interactions.

Crowdfund Insider: What advice do you have for firms building crypto compliance programs from scratch versus those adapting legacy systems?

Pete Balint: Building a crypto compliance program differs depending on whether a firm is starting from scratch or adapting a legacy system, but in either case, a tailored approach is essential.

For firms starting fresh, the opportunity is to build for scalability and flexibility from day one, selecting systems and structures that can adapt as both regulations and the crypto ecosystem evolve. A strong foundation begins with hiring hybrid talent—professionals who combine traditional compliance experience with a deep understanding of crypto’s unique nuances.

For firms adapting legacy systems, the priority is adopting a regulatory-first mindset. This means closely following guidance from FinCEN, the OCC, the FDIC and the Financial Reporting Council, and revising policies to align with evolving expectations.

Legacy systems must also be strengthened to address crypto-native risks such as self-custody, privacy coins, DeFi exposure, cross-chain transactions and the use of mixers—risks that do not exist in the traditional space.

In both cases, engaging compliance early in the product lifecycle helps manage risks before they develop. Partnering with reputable vendors who understand the crypto landscape ensures the compliance program can scale responsibly without sacrificing regulatory readiness.

Crowdfund Insider: For institutions that rely heavily on vendors for ‘know your client’ (KYC), monitoring, or audit support, what specific questions should they be asking now to assess GENIUS-readiness?

Pete Balint: As the GENIUS Act brings greater regulatory rigor to the crypto space, financial institutions that rely on third-party vendors for KYC, transaction monitoring, or audit functions need to evaluate those relationships with fresh scrutiny. Now is the time to ask pointed questions to ensure your partners are truly GENIUS-ready:

    • How do you interpret the GENIUS Act in relation to the services you provide (KYC, monitoring, audit)?
    • What specific controls or processes have you implemented to meet its requirements?
    • Have you conducted a gap analysis or regulatory impact assessment for GENIUS? Can you share the results?
    • What audit trails or logging capabilities do you provide to support GENIUS Act requirements?
    • How do you support real-time or near-real-time monitoring of compliance controls?
    • Can we conduct our own audits of your systems or access independent third-party assessments?

Crowdfund Insider: The GENIUS Act references periodic audits and reporting obligations. What infrastructure needs to be in place to ensure those reports hold up under regulatory review?

Pete Balint: To ensure reports required by the GENIUS Act hold up under regulatory review, banks should implement a robust infrastructure that supports transparency, traceability, and accountability.

This should include a comprehensive data governance framework that enables tracing how data is collected, transformed, and used, especially in AI systems. It is important to maintain clear documentation on data ownership, source, quality, and usage rules.

Strong model governance is also essential to document, version, and monitor AI and machine-learning models, including their training data, bias assessments, and validation results.

In addition, third-party risk management must be part of the infrastructure to ensure vendors and service providers meet the same standards and are regularly reviewed, particularly when their tools are involved in reporting or audit processes.

Crowdfund Insider: You’ve managed retrospective reviews of accounts and transactions. Do you expect that kind of backward-looking enforcement to follow the passage of this legislation?

Pete Balint: Absolutely. As crypto in banking evolves over the next few years, significant regulatory action is likely. For example, a 2022 enforcement action against a crypto bank required a formal “look back” at past transactions and accounts.

Crowdfund Insider: How can compliance teams keep pace with this shift without creating operational drag or stifling the product side of the business?

Pete Balint: Navigating the GENIUS Act requires compliance teams to balance regulatory obligations with operational efficiency. Successfully integrating crypto within the banking sector depends on balancing compliance obligations with the need to avoid operational drag.

At a minimum, compliance teams should embrace proactive compliance and education, leveraging technology to drive efficiency. Implementing AI and blockchain-based tools can help streamline processes, while embedding compliance into development workflows, rather than treating it as an afterthought, helps protect innovation while maintaining regulatory readiness.

Crowdfund Insider: What’s one overlooked advantage of preparing early for GENIUS that goes beyond just avoiding enforcement actions?

Pete Balint: Preparing early builds trust and strengthens reputation. Proactive compliance demonstrates a commitment to responsible innovation and consumer protection, enhancing credibility with customers, investors and regulators.

In a fast-changing area like digital assets, where trust and transparency are crucial, that credibility can become a lasting competitive advantage.


