SoK: Web3 RegTech for Cryptocurrency VASP AML/CFT Compliance
Qian'ang Mao, Jiaxin Wang, Ya Liu, Li Zhu, Jiaman Chen, Jiaqi Yan
TL;DR
Web3 RegTech for AML/CFT addresses the inadequacy of centralized compliance by leveraging distributed ledgers to build capabilities such as transaction graph analysis, real-time risk scoring, cross-chain analytics, and privacy-preserving verification. The SoK introduces three taxonomies—Regulatory Paradigm Evolution, Compliance Mechanism Taxonomy, and RegTech Lifecycle Framework—and analyzes 41 commercial platforms and 28 academic prototypes (2015–2025) to characterize the current ecosystem. It identifies eight academia–industry gaps and six persistent challenges (cross-chain tracking, DeFi interaction analysis, privacy protocol monitoring, scalability, attribution maintenance, and false positives) and proposes nine strategic directions including verifiable compliance proofs, semantic understanding, and standardized evaluation to accelerate deployable, regulator-aligned Web3 RegTech. The work provides architectural best practices and a roadmap for researchers, protocol designers, and regulators to harmonize Web3 decentralization and transparency with AML/CFT objectives.
Abstract
The decentralized architecture of Web3 technologies creates fundamental challenges for Anti-Money Laundering and Counter-Financing of Terrorism compliance. Traditional regulatory technology solutions designed for centralized financial systems prove inadequate for blockchain's transparent yet pseudonymous networks. This systematization examines how blockchain-native RegTech solutions leverage distributed ledger properties to enable novel compliance capabilities. We develop three taxonomies organizing the Web3 RegTech domain: a regulatory paradigm evolution framework across ten dimensions, a compliance protocol taxonomy encompassing five verification layers, and a RegTech lifecycle framework spanning preventive, real-time, and investigative phases. Through analysis of 41 operational commercial platforms and 28 academic prototypes selected from systematic literature review (2015-2025), we demonstrate that Web3 RegTech enables transaction graph analysis, real-time risk assessment, cross-chain analytics, and privacy-preserving verification approaches that are difficult to achieve or less commonly deployed in traditional centralized systems. Our analysis reveals critical gaps between academic innovation and industry deployment, alongside persistent challenges in cross-chain tracking, DeFi interaction analysis, privacy protocol monitoring, and scalability. We synthesize architectural best practices and identify research directions addressing these gaps while respecting Web3's core principles of decentralization, transparency, and user sovereignty.
