When Europe’s payment institutions (PIs) and electronic-money institutions (EMIs) still show structural AML/CFT weaknesses, it’s reckless to assume stablecoin issuers—often EMIs themselves—will perform better. Any bank offering operating, reserve or settlement accounts to a fiat-backed stablecoin issuer faces two rails (fiat + on-chain). Both must be managed to AML standards—or the bank should walk away
What the EBA already told us (and keeps repeating)
In a report issued in June 2023 EBA finds that money laundering and terrorist financing risks in payment institutions are not managed effectively all over Europe: Supervisors across Europe consider PIs a high-risk sector and find that controls are often insufficient. Authorisation quality is uneven and firms with weak AML/CFT can passport cross-border after licensing in “easier” Member States. Notably, PI customer bases skew toward gambling and crypto-asset service providers (CASPs)—exactly the risk tail we see in stablecoin flows.
In its July 2025 Opinion, EBA even stated that Inherent and residual ML/TF risks increased in PIs, EMIs and CASPs. The EBA explicitly warns that innovation is outpacing risk management, and that careless reliance on RegTech can create blind spots.
Policy reality check. Europe is standing up AMLA and MiCA, but fragmentation and inconsistent national supervision remain live issues.
Policy reality check
Everyone in Europe is talking about AMLA and MiCA, but in reality fragmentation and inconsistent and ineffective national supervision remain live issues.
If the baseline still fails for PIs/EMIs, staking consumer protection on a lighter touch for stablecoin issuers is fantasy.
Wolfsberg’s stablecoin guidance is helpful—but not enough
The Wolfsberg Group’s 2025 Guidance on banking fiat-backed stablecoin issuers tells banks to treat these relationships much like other FI clients, use CBDDQ/FCCQ, apply a risk-based approach, and calibrate oversight for on-chain specifics. That’s sensible, but it also legitimises macro-level monitoring in lower-risk scenarios and leans on the issuer’s own risk appetite—not a consumer-protection floor. Good industry hygiene; not a substitute for hard supervisory minimums.
EFRI view: If PIs/EMIs still struggle, banks must raise the bar for stablecoin issuers, not lower it.
Case in Point: StablR and the “trust me” model
StablR markets EURR and USDR as fully-backed stablecoins, claims EMI authorisation in Malta (MFSA), and advertises proof-of-reserves with quarterly Grant Thornton reviews and daily reserve updates. Its site also states it is “powered by Tether.” These are StablR’s own claims.
StablR is led by former Payvision executives (e.g., ex-COO Gijs op de Weegh; former Payvision CFO Corné van der Meijden). Dutch prosecutors fined two former Payvision directors in 2024 for Wwft/AML failings. These facts warrant enhanced scrutiny from banks and supervisors.
Tether invested in StablR in Dec 2024, and by now StablR has announced it issues via Tether’s Hadron tokenisation stack.
In July 2025, EFRI formally urged MFSA (with a copy to EBA) to review StablR’s EMI licence, given sector-wide weaknesses identified by EBA and the elevated risks when stablecoin rails meet high-risk merchants. That request stands. The StablR people have worked with scammers for over 20 years, during Payvision´s active time. We assume that all these high-risk merchants are pleased to have them back in the game again.
The layered-risk problem (why stablecoins are harder than EMIs alone)
Two rails to supervise: Risk signals live on-chain while value exists in fiat via bank accounts. That split does not exist in classic card/wire PI flows.
High-risk merchant mix: EBA already flags gambling and CASPs in PI/EMI portfolios; stablecoins can supercharge velocity and cross-border reach.
Redemption mechanics: Buy-backs without immediate burns and special burn/re-issue paths complicate reconciliation and enable “cleansing” risks at redemption. Banks must pin supply vs. reserves vs. fiat movements—every day
Our minimum asks—for banks, supervisors, and issuers
For banks servicing a stablecoin issuer (especially those touching gambling/CASP flows) we request:
Treat it as “EMI/PI-plus.” : Apply correspondent-style EDD to clients-of-your-client, not just the issuer. Require wallet-level transparency for higher-risk programs.
Hard reserve verification: Daily reconciliation of circulating supply to your reserve/settlement accounts; independent assurance tied to banking data, not just issuer-published dashboards.
Mandatory on-chain baseline. No “macro-only” exceptions: sanctions/PEP proximity, mixer/peel-chain detection, DASP counterparty risk scoring, event-driven reviews for large or pattern-breaking redemptions.
Travel-Rule gating: Route redemptions through licensed, Travel-Rule-capable counterparties until interoperability is real, not promised
For supervisors/NCA/AMLA:
Tighten authorisation and passporting for EMIs that issue/operate stablecoins; implement the EBA’s 2023/2025 prescriptions on authorisation quality and cross-border oversight now.
- do background checks: do not license companies/people with a connection to long-term online fraud (like StablR).
Name-and-explain when residual risk in PI/EMI sectors rises—don’t wait for failures. Publish thematic findings on stablecoin redemption controls and reserve assurance.
Bottom Line
If Europe still struggles to ensure basic AML/CFT effectiveness in PIs/EMIs, it is unacceptable to relax standards for stablecoin issuers—especially where flows touch gambling and crypto. Wolfsberg has opened the door to banking these clients; the EBA’s data tell us to bolt on stricter, crypto-specific controls before consumers pay the price again.
