Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

IFSLeaseWorks is now part of Abrigo.

Diversify your portfolio and earn additional interest income. End-to-end lease origination and administration automation make it possible.

Read the press announcement

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

AML/CFT Financial Crime Fraud Prevention

Cryptocurrency ATM monitoring: ATM or BTM, knowing the difference

Terri Luttrell, CAMS-Audit, CFCS
Joann Millard, CAMS
May 13, 2026
0 min read

At first glance, a machine in a store might look like a standard Automated Teller Machine (ATM). Some are traditional ATMs that dispense cash. Others are cryptocurrency ATMs, often called Bitcoin teller machines (BTMs), that allow customers to buy or sell cryptocurrency using cash. They may share a similar name, but they operate very differently and pose distinct risks and compliance expectations for financial institutions.

As cryptocurrency adoption continues to expand, more merchants are installing BTMs to generate additional revenue. This trend makes cryptocurrency ATM monitoring an increasingly important part of a financial institution’s risk management program. During site visits and customer reviews, staff can no longer assume that every machine functions under traditional ATM rules.

Why BTMs require closer attention

Unlike a traditional ATM, a BTM facilitates the exchange between fiat currency and cryptocurrency. This activity typically classifies the operator as a money services business (MSB), which brings added regulatory obligations under the Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements.

From a risk standpoint, BTMs introduce several concerns:

  • The potential for pseudonymous transactions, depending on controls
  • Rapid movement of funds across jurisdictions
  • Increased exposure to fraud and illicit activity
  • Third-party operators with varying levels of compliance maturity

Financial institutions already understand that higher-risk products require stronger oversight. As expectations for BSA and AML programs continue to evolve, maintaining awareness and control over emerging channels, such as BTMs, is essential.

This article covers these key topics:

Regulatory expectations for BTM operators

Financial institutions should expect BTM operators to meet specific regulatory and compliance requirements. Gaps in these areas may indicate elevated risk.

  • Registration and licensing
    BTM operators must register as an MSB with the Financial Crimes Enforcement Network (FinCEN). Many states also require a money transmitter license or additional cryptocurrency-related licensing.
  • AML program requirements
    A compliant operator should maintain a written AML program that includes:
  • Customer identification and verification procedures
  • Ongoing transaction monitoring
  • Suspicious activity reporting
  • A designated compliance officer
  • Independent review
    Operators should conduct independent audits of their AML program and utilize appropriate monitoring procedures. These tools help identify exposure to high-risk wallets, sanctioned entities, or suspicious transaction patterns.

Banking relationships
Because BTMs require a financial institution to facilitate cash flow, the operator’s compliance posture directly impacts the bank or credit union. This underscores the importance of due diligence and ongoing oversight.

This is where cryptocurrency ATM monitoring plays a key role. Understanding who owns, operates, and manages the machine is foundational to assessing risk.

Third-party risk

A common challenge is that merchants do not always own the BTM located on their premises. In many cases, a third-party provider installs and operates the machine, and the merchant receives a share of the revenue.

This type of arrangement can introduce additional third-party risk that is not always obvious at first. For example:

  • The merchant may rely entirely on the operator’s AML program
  • The financial institution may have limited visibility into transaction activity
  • Compliance accountability may be unclear or misunderstood

In some situations, merchants are unaware of the regulatory requirements tied to BTMs. Unscrupulous providers may place machines without fully explaining the responsibilities involved. That lack of transparency can expose both the merchant and the financial institution to risk.

Even when the merchant is not the operator, the presence of a BTM should influence how the relationship is risk-rated and monitored.

Need help fighting fraud?

Learn more

Customer due diligence and risk rating

Financial institutions should incorporate BTMs into their customer due diligence and risk assessment processes.

At onboarding and during periodic reviews, consider:

  • Does the customer own, operate, or host a BTM?
  • Who is responsible for regulatory compliance?
  • Is the operator registered with FinCEN?
  • Is the appropriate state licensing in place?

The presence of a BTM does not automatically make a customer high risk. However, it should prompt a closer evaluation of the customer’s overall risk profile and may warrant enhanced due diligence.

Ongoing monitoring is equally important. Changes in ownership, transaction volume, or business activity should trigger reassessment.

Red flags

In addition to understanding the structure of the relationship, financial institutions should be aware of transactional red flags associated with BTMs. Incorporating these into your cryptocurrency ATM monitoring processes can help identify potential issues early.

Examples of suspicious activity may include:

  • Repeated cash deposits followed by immediate cryptocurrency purchases
  • Customers structuring transactions to avoid identification thresholds
  • Multiple individuals using the same machine in a coordinated manner
  • Unusual transaction volumes inconsistent with the business type
  • Customer complaints indicating confusion or possible fraud

These patterns should be evaluated within the institution’s existing suspicious activity monitoring framework and escalated when appropriate.

Internal processes and training

Effective cryptocurrency ATM monitoring requires coordination across multiple teams. Frontline staff, lenders, and BSA professionals all play a role in identifying and managing risk.

Financial institutions should:

  • Train staff to recognize BTMs during site visits
  • Update procedures to require documentation and photos of machines
  • Enhance customer questionnaires to include cryptocurrency-related questions
  • Ensure BSA and AML teams understand how BTM activity fits into monitoring systems

A lack of awareness at the frontline level can lead to missed risk indicators. Ongoing training and clear communication help ensure that emerging risks are consistently identified and addressed.

Practical steps

To strengthen your approach, consider implementing the following:

  • Ask all business customers whether they have an ATM or a BTM
  • Identify who owns and operates the machine
  • Obtain FinCEN registration details and verify licensing where applicable
  • Maintain copies of BTM agreements, including AML compliance language
  • Incorporate BTM activity into your risk assessment and monitoring processes

If agreements do not clearly address compliance responsibilities, that may signal a need for further review.

Looking ahead

Cryptocurrency and alternative payment channels continue to evolve. As adoption increases, regulators are likely to maintain or expand their focus on these areas.

Financial institutions that take a proactive approach to cryptocurrency ATM monitoring will be better positioned to manage risk, support their customers, and meet regulatory expectations. This includes building scalable processes, leveraging technology where appropriate, and ensuring staff are equipped with the knowledge they need.

Understanding the difference between an ATM and a BTM is no longer a minor detail. It is a necessary step in maintaining a strong, risk-based compliance program in a rapidly changing financial landscape.

Whitepaper

Ahead of the curve: A banker’s podcast – Data quality, AI, and the future of financial crime compliance

Read More
Webinar

Telegram fraud exposed: Inside the cybercrime economy fueling financial fraud

Read More
Webinar

Hot topics in AML & fraud: What to watch in 2026

Read More

FAQs

What is a BTM?

A BTM, or Bitcoin Teller Machine, is a kiosk that allows users to buy or sell cryptocurrency using cash, debit cards, or digital wallets. For banks and credit unions, BTM activity may require monitoring as part of AML transaction monitoring and financial crime compliance workflows.

What is the difference between an ATM and a BTM?

An ATM allows customers to access traditional banking services, while a BTM, or Bitcoin Teller Machine, allows users to buy or sell cryptocurrency. For banks and credit unions, understanding the difference helps BSA/AML teams identify crypto-related transaction activity that may require enhanced monitoring.

Why should financial institutions monitor cryptocurrency ATM activity?

Financial institutions should monitor cryptocurrency ATM activity because it can create elevated fraud, money laundering, and scam risk. AML transaction monitoring software can help banks and credit unions detect unusual cash withdrawals, rapid movement of funds, or customer behavior connected to crypto scams.

What red flags may indicate suspicious BTM-related activity?

Suspicious BTM-related activity may include repeated cash withdrawals, transactions inconsistent with a customer’s profile, elderly customers sending funds after coercion, or activity tied to known crypto scam patterns. Abrigo-related AML/CFT workflows can help financial institutions identify, investigate, and document these red flags more consistently.

How can banks and credit unions reduce risk from cryptocurrency ATM transactions?

Banks and credit unions can reduce cryptocurrency ATM risk by combining staff training, customer education, risk-based monitoring, and clear escalation procedures. Financial crime compliance software can support this process by centralizing alerts, customer data, investigation notes, and SAR decisioning.

About the Authors

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

Joann Millard, CAMS

Senior Financial Crimes Investigator
Joann Millard is a Certified Anti-Money Laundering Specialist and a member of ACAMS. She has been with Abrigo since June 2020 when she worked as a contractor and became an employee in March 2021. Prior to that, she spent 25 years in the banking industry working in Jefferson City, MO

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.