/>iOn August 4, 2025, the Financial Crimes Enforcement Network (FinCEN) issued a notice warning financial institutions about escalating illicit activity involving convertible virtual currency (CVC) kiosks. The notice cites increased misuse of CVC kiosks in fraud schemes, drug trafficking, and cybercrime, and identifies operators’ potential violations of the Bank Secrecy Act (BSA) through failures to register, implement anti-money laundering (AML) programs, or conduct customer due diligence.
CVC kiosks—also known as crypto ATMs—allow consumers to exchange cash or cards for cryptocurrency. While marketed as convenient access points, they are also increasingly exploited by criminals, particularly in scams targeting older adults. FinCEN’s analysis draws from law enforcement investigations, Bank Secrecy Act filings, and consumer complaint data.
Key findings from the notice include:
- Elder fraud and scam typologies are surging. Scammers frequently target older adults by impersonating tech support or government agencies, instructing victims to transfer funds via CVC kiosks. Over two-thirds of reported kiosk-related losses in 2024 were sustained by seniors.
- Drug cartels are laundering funds via kiosks. The DEA reports that criminal organizations are using kiosks in high-traffic areas to launder drug proceeds, especially in states with dense kiosk distribution.
- Widespread operator noncompliance with BSA obligations. FinCEN found that many CVC kiosk operators fail to register as money services businesses or implement required AML/CFT programs, making them especially vulnerable to abuse.
FinCEN has found red flags in many CFC kiosk transactions. Many transactions are structured below reporting thresholds, use multiple machines across jurisdictions, or are transactions linked to known fraudulent wallets.
Putting It Into Practice: The notice builds on FinCEN’s 2019 advisory on illicit activity involving CVC and comes amid growing state and federal scrutiny of CVC kiosks. Financial institutions should also evaluate whether vendor relationships or correspondent banking ties expose them to kiosk-related risks, particularly as regulatory expectations evolve.
