Curaçao Issues First Crypto Compliance Rules for Licensed Casinos

Key Points

• Crypto compliance guidelines by the Curaçao Gaming Authority were published for the first time in June 2026 for the benefit of B2C online gambling licensees.
• Immediate banning will occur for sanctioned wallets, crypto mixers, privacy coins with untraceable transaction history, and operators operating as exchanges/VAps.
• Compliance needs to be completed by June 2027 for wallet segregation, blockchain analysis, and record keeping.

For the first time, the Curaçao Gaming Authority has put its crypto expectations in writing. The new policy covers every stage of a digital asset transaction and hands B2C online gambling licensees a firm deadline: full compliance by June 2027.

CGA marketing and PR advisor Aideen Shortt shared the guidelines publicly on LinkedIn. Effective June 2026, the rules reach beyond individual licensees to every group entity that touches crypto on their behalf, from the point of deposit through to treasury operations.

What the CGA Is Now Requiring?

The CGA has drawn a hard boundary between gambling and financial services. Operators can take crypto as a payment method for gambling. That is where their role ends. Running an exchange, acting as a custodian, converting crypto to fiat for users, or offering any form of swap or wallet service is prohibited outright.

The CGA is requiring “blockchain analytics capability” but has not locked operators into a specific provider. Chainalysis, Elliptic, and TRM Labs are cited as examples. The chosen solution, whether a single platform or a combination of systems, must screen wallets at deposit, risk-score transactions, trace fund origins, flag exposure to prohibited sources, and check destination wallets before any withdrawal clears.

The policy makes the baseline clear: “Licensees do not need to be blockchain analysts but cannot operate blindly about the crypto transactions that relate to their operations under their CGA-issued license.”

Fiat-backed regulated stablecoins are the preferred asset class under the new framework. Privacy coins, including Monero, Zcash, Dash, and Litecoin’s MWEB extension, must be rigorously assessed before acceptance given their ability to obscure transaction data. Meme tokens need to be categorised by liquidity profile, governance maturity, and financial crime risk. Wrapped tokens and bridged assets are off the table wherever the origin of the underlying asset cannot be independently confirmed.

Funds that have passed through mixers or tumblers are banned. So are assets tied to any sanctioned wallet address.

Wallet Rules Tighten Across the Board

Wallet structure is where many operators will feel the sharpest pressure. Every wallet tied to the licensed operation must be owned or controlled by the licensed legal entity or an approved group entity. Personal wallets, wallets connected to ultimate beneficial owners, employee wallets, and informal arrangements are all prohibited.

Function-based segregation is mandatory. Player-flow, operational, and treasury wallets must be kept separate, with player funds ringfenced to prevent any commingling with company money. Hot wallets can handle day-to-day transactions, but balances must be kept to what operations strictly require. Warm wallets carrying liquidity need enhanced access controls. Cold wallets for treasury and reserves must have documented key management, reconciliation, and auditability in place.

Withdrawals should, by default, go back to the same wallet and in the same crypto asset as the original deposit. Where that is not practical, a different destination address can be used, but only if it has cleared KYC and AML checks. Any currency conversion must go through a regulated VASP.

The Compliance Timeline

The CGA has divided compliance into four distinct stages. The first took effect immediately in June 2026, covering the outright bans: sanctioned wallets, mixers, prohibited crypto assets, personal or UBO-linked wallets, and any operator still functioning as an exchange or payment provider.

September 2026 brings the first active requirement. Operators must upload a crypto compliance policy to the CGA portal by then, complete with an internal adoption timeline and evidence that the business has started building the expertise and staffing its crypto operations demand.

December 2026 is when the groundwork must be finished. Documented risk assessments, VASP due diligence, wallet ownership controls, transaction monitoring procedures, and staff training all need to be in place by that point.

June 2027 will be the last date. Wallet segregation, real-time blockchain analytics, reconciliation procedures, withdrawal whitelisting, and audit-ready documentation should all be fully functioning. The CGA has always retained the flexibility of bringing forward the dates depending on any risks that might emerge before then.

A Tighter Framework Built on Earlier Foundations

The June 2026 policy did not appear from nowhere. Its foundations were laid in December 2024, when Curaçao’s National Ordinance on Games of Chance, the LOK, came into force. The LOK scrapped the old master-and-sub-licence structure, installed the CGA as the direct licensing and supervisory authority, and pulled crypto inside the standard B2C licence. Wallet disclosure, on-chain monitoring, and the exclusion of anonymous crypto platforms were already licensing conditions. What the new policy does is spell out, in operational terms, what meeting those conditions actually looks like.

Enforcement has been tightening on other fronts too. On 1 July 2025, the CGA announced it would issue formal cease and desist letters to Curaçao-registered companies running under foreign gaming licences. The authority called those arrangements unlawful under the LOK and warned that B2B providers, payment processors, and other suppliers knowingly servicing those companies risked being treated as complicit in illegal activity.

The Signal for the Offshore Market

Curaçao built its position as the default home for crypto gambling partly because earlier licensing frameworks asked very little about where tokens came from or who the players were. That era is closing.

The pressure is not unique to Curaçao. In February 2026, the UK Gambling Commission announced it was examining whether a regulated path could be created for cryptoasset payments for licensed operators, with anti-money laundering controls and consumer protection at the centre of that work. In addition to the above requirements for the regulation of VAs, the new policy from CGA includes the Travel Rule from the Financial Action Task Force, which obligates originator and beneficiary identification to be sent along with the VA transfer between the regulated entities.

For operators who relied on the quickness and lightness of crypto regulations, the situation has changed; now they have to deal with traceable transactions, control documentation, segregation of infrastructure, and more rigorous compliance records. The deadline is June 2027. Work begins now.

Expert Analysis

This is not a procedural update. The CGA is asking offshore operators to build the kind of compliance infrastructure that regulated fiat-currency casinos have operated for years, under a phased but non-negotiable timeline. The immediate prohibitions on mixers, sanctioned wallets, and exchange-style activity strip out the most exposed practices from day one. What comes next is harder. June 2027 will see a requirement for operators to demonstrate traceability, risk rating, and auditing of each and every transaction on their platform. This will certainly be difficult for those businesses that have relied upon crypto systems with low overhead costs; it will involve more than just posting a policy document online.