TRM Labs

We are hiring! Join our mission of building a safer world for billions of people!

We are hiring! Join our mission of building a safer world for billions of people!

Privacy and compliance are often treated as a trade-off in blockchain. They don't have to be — and resolving that tension is what institutional adoption depends on. TRM's Liam Glennon joined a recent Midnight LIVE conversation to dig into exactly that: how blockchains can keep transactions private while still giving institutions the visibility to detect and deter illicit activity. Worth a watch if you work anywhere near compliance, privacy, or institutional crypto. Link in the comments 👇

This month, the Future of Financial Intelligence Sharing (FFIS) published its landmark survey of 37 anti-fraud collaboration platforms operating globally. The paper is the most comprehensive comparative study of fraud-risk intelligence sharing ever conducted. Beacon Network is featured as one of the 37 platforms — and it stands out in a specific, measurable way: it is the only platform in the entire survey with cross-border virtual asset tracing capability. While every other platform operates within traditional financial data, Beacon Network traces flagged funds across chains in real time, alerting downstream recipients before illicit assets can be withdrawn. The paper highlights real impact — including: ➡️ USD 34 million frozen when Beacon Network alerts tracked suspect funds crossing a virtual asset bridge in real time, enabling the counterparty to freeze the assets on the other side ➡️ 100% block rate — a bridge API has been developed that has blocked every single attempt from flagged scam addresses ➡️ 90+ law enforcement agencies from 21 countries coordinating with 70+ private sector members, including centralized exchanges, DeFi protocols, bridge services, and payment processors ➡️ A first-of-its-kind 48-hour joint investigations sandbox with Wolfsberg Group financial institutions, bridging crypto and traditional finance in real time The FFIS paper closes with a call to action for FATF to build the cross-border policy framework that allows platforms like Beacon Network to connect at scale — because 91% of platforms surveyed say cross-border sharing is essential, yet most report doing almost none of it. Beacon Network is already operating in that gap. 🔗 Read the full FFIS paper and learn more about Beacon Network — link is in the comments below.

The biggest story this week, and the biggest challenge for compliance teams, was the UK government’s designation of 18 entities and individuals — including Huobi Global (HTX), Exmo Exchange, Bitpapa, and Rapira Group — as part of a package targeting cryptocurrency exchanges and illicit networks exploited by Russia to fund its war economy. The UK's designations come in the wake of the EU's blanket ban on Russian crypto firms. For compliance teams, this means exposure to any of these entities — direct or indirect — now triggers obligations across two jurisdictions simultaneously. TRM is hosting a webinar tomorrow to walk through exactly what that means — check out the link the comments to register. While Russia sanctions dominated the week, developments kept coming from across the globe. In this edition of the Roundup, Ari Redbord and Isabella Chase cover: 🌐 IOSCO releases global supervisory toolkit for AI use in capital markets 🇪🇺 EU's blanket ban on Russia and Belarus-based crypto providers enters into force 🇬🇧 UK sanctions the A7 network with 18 designations, including Huobi and Exmo 🇺🇸 TRM's Ari Redbord testifies before Congress on modernizing the Bank Secrecy Act for the age of AI 🇲🇽 OFAC sanctions Sinaloa cartel network, designating 11 individuals and six Ethereum addresses 🌐 Prediction markets surge as Spain joins the global crackdown and the legal framework heads to uncharted territory

When AI-assisted coding adoption inside TRM's engineering org hit an inflection point in late 2025, Ankush Sharma — who leads TRM's blockchain data engineering teams — didn't reach for more tooling. He re-architected how the team operates entirely. In our latest post on the TRM Tech Blog, Ankush shares the "agentic software factory" model he built: treating AI as shared platform infrastructure rather than a collection of personal productivity tools, with explicit human decision boundaries at every level. Some work is AI-first. Some is AI-assisted. Some is human-led with AI organizing the evidence. And some — promotions, hiring, architecture tradeoffs, accountability calls — stays human-only, full stop. The Q1 2026 results speak for themselves: 125% of OKRs completed, chains onboarded at 3x the previous quarterly record, 35%+ reduction in targeted infrastructure spend, and zero confirmed P0 incidents tied to chain-launch scaffolding since the model rolled out. The insight Ankush keeps coming back to: when AI makes code generation cheap, the bottleneck doesn't go away — it moves to review quality, prioritization, and engineering judgment. The whole system has to be redesigned around that reality, not just accelerated. It's a genuinely different way to think about how engineering teams should operate in the AI era, and worth a read whether you're leading a team or building one. Read Ankush’s post here 👉 https://lnkd.in/dJENHeYX

Today, the UK government designated 18 entities and individuals — including Huobi Global (HTX), Exmo Exchange, Bitpapa, and Rapira Group — as part of a package targeting cryptocurrency exchanges and illicit networks exploited by Russia. The action focuses on the exchanges, banks, and corporate vehicles helping channel value through cryptocurrency to fund Russia's war economy. The designations largely track the pattern TRM has documented across the post-Garantex sanctions-evasion ecosystem: high-volume exchanges, ruble-onramp peer-to-peer platforms, and the A7 corporate-and-token infrastructure that emerged after the March 2025 Garantex takedown. Read the full analysis here ➡️ https://lnkd.in/e46N29xW

ICYMI: Sophie Bowler (Global Chief Risk and Compliance Officer at Zodia Custody) joined Ari Redbord on the latest #TRMTalks. Their conversation is a must-listen for compliance pros — from MiCA and DORA in Europe to the AFSL framework in Australia, and from blockchain analytics through to real-time information sharing across the industry. Sophie also has a sharp take on AI: it's already reshaping compliance workflows, and it's reshaping the threat landscape just as fast. Check it out 👉 https://lnkd.in/engmG2Wx

🇸🇪 TRM Labs is at the Nordic Blockchain Conference in Stockholm this week. The team is on the ground with two sessions worth catching: ▪️ Luke Dufour (Compliance Advisor, EMEA), takes the keynote stage with “Stablecoins, AI, and the Evolution of Financial Crime.” The session looks at how the threat surface is shifting and what effective detection looks like today. ▪️ On May 27, TRM and the Nordic Blockchain Association co-host a roundtable breakfast on stablecoins, sanctioned tokens, and the compliance stack. The conversation, led by Luke and Magnus Jones (board member at the Nordic Blockchain Association) brings MLROs, heads of compliance, heads of risk, and digital asset leads together from banks, payment service providers, exchanges, and crypto businesses. The agenda covers building the operating model for digital assets and reading the risk signal in practice, including the A7A5 sanctioned ruble-pegged stablecoin. Thanks to the Nordic Blockchain Association for convening the ecosystem. #Stablecoins and tokenized assets are moving from pilot to production across European finance, and this is the room where the Nordic position gets set. 📍 Find the team at our booth ☕ The May 27 roundtable is fully subscribed. Join the waitlist if you lead risk, compliance, or digital assets at a financial institution or crypto business, and we'll keep you posted if a seat opens up: https://luma.com/3k1t8tsq

A joint FinCEN-OFAC proposed rule would classify Permitted Payment Stablecoin Issuers (PPSIs) as financial institutions under the Bank Secrecy Act — bringing full AML and sanctions compliance obligations to #stablecoin issuers for the first time. Comment period closes June 9. What the rule would require operationally: 🔹 A written BSA AML program: The full suite of internal controls including a designated compliance officer, customer identification, suspicious activity reporting, independent testing 🔹 A documented OFAC sanctions compliance program: Risk assessment, sanctions screening at scale, escalation procedures, recordkeeping 🔹 The technical capability to freeze assets at OFAC-designated addresses on-chain — formalized as a compliance requirement, not a voluntary policy The rule draws a clear line between PPSIs and money services businesses, and between federally and state-qualified issuers — with both paths triggering the same program obligations. For compliance teams, the comment period is a meaningful window: Map current AML and sanctions posture against the rule's program elements, identify screening gaps across the chains where tokens circulate, and contribute operational evidence to shape how the final rule's risk-based language is interpreted. Read TRM’s full breakdown here ➡️ https://lnkd.in/eJYj9PbN