AML/CTF audits: the new mandatory requirement for crypto projects in 2025

Crypto regulation in Europe has taken a significant step forward with the entry into force of the MiCA Regulation, published by the European Commission. This framework transforms crypto-asset service providers into Crypto Asset Service Providers (CASP) and requires them to meet a much stricter compliance standard, especially regarding anti-money laundering (AML) and counter-terrorist financing (CTF).

These obligations are complemented by the Sixth Anti-Money Laundering Directive (6AMLD), which strengthens corporate criminal liability. In Spain, SEPBLAC is reinforcing its supervision of crypto operators, in line with the future AMLA.

In this new regulatory environment, AML/CTF audits are no longer a technical recommendation: they are a mandatory legal requirement to operate in Europe.

What does AML/CTF regulation currently require for crypto projects?

Compliance obligations for blockchain projects have expanded considerably. Key requirements include:

Enhanced user identification and verification (KYC/KYB)

This includes identity verification, analysis of economic activity, financial documentation, and checks against international sanctions lists.

Risk matrices aligned with European parameters

ESMA has published technical standards on its official website requiring users, transactions and geographies to be classified according to their level of risk.

Full traceability of blockchain transactions

CASPs must monitor crypto transfers using specialised tools capable of detecting illicit patterns.

Ongoing transaction monitoring

Simple customer identification is no longer sufficient: regulations require monitoring their activity over time.

Reporting of suspicious transactions

Reports must be submitted through the official SEPBLAC channels, using formats set out by Spanish regulation.

What does a crypto AML/CTF audit involve?

An AML/CTF audit assesses whether a crypto project’s systems comply with MiCA and European regulations. It includes:

1. Business model analysis

Assessment of the type of assets, volume, functionality, involved jurisdictions and level of risk exposure.

2. Comprehensive document review

Including AML policies, risk matrix, procedures manual, onboarding manual and monitoring criteria.

3. Technical traceability assessment

This is where Cryptoveritas360, our technology partner, comes in, providing:

• smart contract audit
• blockchain forensic analysis
• on-chain metrics
• risk detection in wallets and protocols
• exposure testing for laundering through clustering and advanced tools

4. Operational testing and simulations

Assessment of how the team responds to real risk scenarios:

• suspicious transactions
• irregular transactions
• changes of jurisdiction
• unexpected activity in monitored wallets

5. Final report and remediation plan

The outcome includes a roadmap to align the project with MiCA and European AML rules.

At this stage, our technology partner Cryptoveritas360 participates, providing smart contract audits, forensic analysis and advanced on-chain tools.

Projects that require an AML/CTF audit

• Exchanges
• Custodians and wallet providers
• DeFi platforms with an identifiable team
• Tokenisation providers and NFT marketplaces
• Fintechs with crypto services
• Companies applying for a CASP licence
• Operators managing staking, lending or financial products based on blockchain

Consequences of non-compliance

Spain will be one of the strictest jurisdictions. Consequences may include:

• Significant fines.
• Freezing of funds.
• Loss of CASP licence.
• Administrative investigations.
• Enhanced criminal liability under 6AMLD.

How can we help you at IN DIEM Abogados?

At IN DIEM, we combine legal expertise and advanced technical support with Cryptoveritas360:

• Comprehensive AML/CTF audits
• Preparation for CASP licences
• Drafting AML policies and manuals
• Defence in inspections
• Training and ongoing support
• Investor due diligence

Frequently Asked Questions

Publications about Cryptocurrencies on our blog

Experts in New Technologies and Crypto Assets

The world of crypto-assets and new technologies is constantly evolving, and companies need more than ever a legal partner that combines technical, tax and regulatory expertise. At In Diem Abogados, we have developed a comprehensive, specialised approach that sets us apart from other traditional firms.

Our firm offers comprehensive advice in all areas related to crypto-assets and blockchain, including:

• Law and Cryptocurrencies: we advise on Bitcoin, Altcoins, ICOs, NFTs, and blockchain-based projects, providing legal security from creation to the operation of any crypto-asset.
• Crypto Tax and Taxation: we offer expert guidance on taxation of cryptocurrency investments, buy-sell transactions, staking, DeFi, and airdrops, ensuring compliance with current regulations.
• Crypto Tax Reports: we offer different services to issue Cryptocurrency Tax Reports for your personal income tax return, or to correct errors in cases of discrepancies or mistakes.
• Registration and Compliance with Banco de España: we guide cryptocurrency exchange and custody platforms in their registration and regulatory compliance, ensuring safe and legal operation.
• Adaptation to the MiCA Regulation: we help crypto companies comply with the new European regulation, covering everything from obtaining licenses to implementing anti-money laundering (AML) policies, consumer protection, and compliance auditing.
• Fraud on Web Platforms with Cryptocurrencies. Criminal: we offer legal defense and recovery strategies against fraud or scams on exchanges, wallets, or any digital investment platform.

In an increasingly complex and competitive regulatory environment, having a firm that understands both technology and law is key to minimizing risks and seizing opportunities. In Diem Abogados, in collaboration with its technology partner Cryptoveritas 360, does not only advise: it accompanies, implements, and ensures that your crypto company complies with regulations, integrates secure technological solutions, and thrives in the digital ecosystem.

We guarantee the best possible outcome, whatever your case.

• Personalized and professional service
• Advice on Taxation and Regulatory Compliance
• Assistance in tax, judicial, or other proceedings
• 24-hour contact with your expert lawyer
• Absolute confidentiality

Expert Lawyers in Cryptocurrencies: European Union, Latin America Spain and International Service.

IN DIEM Abogados has a team with experience in previous roles such as Judge, State Attorney, Public Prosecutor, or University Lecturer, which will provide you with peace of mind and confidence, as you will have the best team—competitive and highly prepared—to achieve your objectives and meet your needs.

We are at your disposal for anything you need. You can reach us via IN DIEM Lawyers Phone (+34) 916 353 892. For urgent cases, you can contact us on IN DIEM 24-Hour Emergency Lawyers Phone: (+34) 610 667 452.

Did you know that IN DIEM Abogados offers an online service and an urgent service?

We offer our clients the option of being assisted via video call or videoconference, as well as by telephone, according to our clients’ preference, so that the assistance is as personal as possible, with absolute immediacy, without the need to travel. This service is complemented by communication via email, which facilitates the analysis and delivery of documentation.

Likewise, we offer urgent and 24-hour services for our companies, handling national and international contracting operations.

For more information on the Online Legal Advisory Service HERE, the 24-hour and Urgent Service, HERE, and some recognitions, we leave you this link.

Anything else about IN DIEM Lawyers? Here’s a short presentation video…

Would you like to have an in-person meeting with us? You can find us in Madrid, Las Palmas de Gran Canaria, Tenerife, Málaga, Seville, Huelva, Tomares, Coria del Rio, Dos Hermanas, Mairena del Alcor, Estepona, Marbella, Mairena del Aljarafe… it will be a pleasure to assist you…!!