Are crypto mixers becoming harder to ignore because of the AMLR?
Why crypto mixers matter for AML compliance
Crypto mixers, also known as tumblers, are tools that enhance the anonymity of users of cryptocurrencies. They do so by shuffling cryptocurrencies from multiple users to hide the original source and destination of funds. The purpose is to reduce traceability on a blockchain: by mixing the transaction with those of others, it is significantly more complicated to trace the original source or destination of the crypto-asset. But mixers have two sides of the same coin: they provide increased privacy for genuine users, while at the same time allowing bad actors to hide their finances. This is particularly relevant during the layering phase of money laundering. The main goal in this second phase of money laundering is to distance funds from their criminal source by creating multiple transaction layers that complicate audit trails. A mixer can be used as an effective tool for this specific purpose: in a single step, the transaction trails that would otherwise be visible on the blockchain are harder to trace from their original source. In practice, this means that for crypto-asset service providers (CASPs), screening customers only at onboarding is not sufficient. When a customer deposits funds that have been routed through a mixer or when a transaction is directed to an address associated with one, the customer’s identity alone is insufficient to assess the origin or destination of the funds. CASPs must therefore also assess the transaction history of both incoming and outgoing funds.
How the AMLR affects mixer-related risks
The Anti-Money Laundering Regulation (AMLR), which will apply from 10 July 2027, introduces obligations aimed at reducing the risks associated with crypto mixers. More broadly, the AMLR will require CASPs to conduct ongoing monitoring of business relationships, including scrutiny of transactions throughout the relationship to ensure that they are consistent with the CASP’s knowledge of the customer and their risk profile.[1] This is particularly relevant to mixer exposure, which may only become apparent after onboarding.
Anonymous accounts
First, mixers can be used to obscure the origin or destination of crypto-assets and frustrate attempts to trace transaction flows, for example until the assets can be transferred, exchanged or cashed out. An anonymous crypto-asset account at a CASP could further facilitate this process by providing access to the regulated financial system without a clearly identifiable account holder. The AMLR will address this risk by prohibiting CASPs from maintaining anonymous accounts or accounts that otherwise enable the anonymisation of the account holder or the masking of transactions.[2]
Self-hosted addresses
Second, transfers to or from self-hosted addresses may expose CASPs to mixer-related risks. Standard KYC alone does not provide sufficient insight into the transaction history of the crypto-assets involved. The AMLR will therefore require CASPs to identify and assess the money laundering and terrorist financing risks associated with such transfers and to have appropriate internal policies, procedures and controls in place.[3] Where blockchain monitoring or other risk indicators point to mixer exposure, CASPs may need to apply proportionate mitigating measures, such as obtaining additional information on the origin and destination of the crypto-assets or conducting enhanced ongoing monitoring.
Customer due diligence
Third, mixer exposure not only affects how funds move but also raises questions about their origin and purpose. As part of customer due diligence, CASPs will have to assess and, where appropriate, obtain information on and understand the purpose and intended nature of the business relationship or occasional transaction. Where funds appear to have passed through a mixer, this may require the CASP to obtain further explanation and documentation regarding the origin or the destination of those funds before proceeding. [4]
Enhanced due diligence
Finally, where mixer exposure or other suspicious indicators point to a higher-risk transaction, CASPs may be required to apply enhanced due diligence. This includes examining the origin and destination of the funds and the purpose of transactions that are complex, unusually large, conducted in an unusual pattern or lack an apparent economic or lawful purpose.[5]
In practical terms, funds that have passed through a mixer can represent a higher-risk indicator that may oblige CASPs to conduct enhanced due diligence and may, depending on the circumstances, give rise to a suspicious transaction report. Risk-based monitoring must cover incoming as well as outgoing activity, an aspect that can be overlooked in practice. CASPs must assess not only where crypto-assets are being sent but also the origin of incoming deposits where relevant. Incoming deposits should therefore be included in the CASP’s transaction-monitoring framework.
Practical consequences for CASPs
In practice, this will have a significant operational impact on CASPs. Key implications include:
- Blockchain analytics: Blockchain analytics tools can support the mapping of transaction chains and the identification of mixer exposure and other risk factors.
- Risk-scoring: Risk-based rules and scoring mechanisms can help CASPs prioritise alerts and determine the appropriate follow-up action.
- Customer profiling and ongoing monitoring: CASPs should establish the customer’s expected transaction profile, including relevant use of self-hosted wallets, and monitor subsequent activity for inconsistencies or mixer exposure.
- Escalation procedures for suspicious activity: Clear internal procedures must be in place for reporting and following up on suspicious activity.
- Staff training: Compliance and operational staff must be equipped to recognise mixers and related transaction patterns as part of internal controls.
- Better documentation: Risk assessment and monitoring decisions must be demonstrably recorded.
- Higher compliance costs: The required technology, staffing and process changes are likely to increase compliance costs for CASPs.
Conclusion
Crypto mixers illustrate why the AMLR will require CASPs to look beyond customer onboarding. The Regulation does not impose a general prohibition on mixers, nor does exposure to a mixer automatically make a transaction suspicious. It will, however, require CASPs to assess the risks associated with crypto-asset flows throughout the business relationship and to take proportionate action where relevant risk indicators arise.
The key question is therefore not whether CASPs can eliminate mixer exposure, but whether they can identify, assess, document and escalate it effectively. This requires more than blockchain analytics alone. Customer risk profiles, transaction-monitoring controls, internal procedures, reporting lines and staff knowledge must operate as one coherent framework.
Compliance Champs supports CASPs in translating regulatory requirements into practical and proportionate controls. Through risk assessments, reviews of policies and procedures, compliance monitoring and reporting, training and implementation support, we help organisations identify gaps and strengthen their AML framework. Contact Compliance Champs to assess whether your current framework is ready for the AMLR.
Do you seek support and assistance in enhancing your Crypto Compliance Framework?
Please reach out to us on: info@compliancechamps.com
Read more articles here.
[1] Article 26, Regulation (EU) 2024/1624
[2] Article 79, Regulation (EU) 2024/1624
[3] Article 40, Regulation (EU) 2024/1624
[4] Article 20 and 25, Regulation (EU) 2024/1624
[5] Article 34, Regulation (EU) 2024/1624

