Crypto Startup Kontigo Exposes Sanctions Gaps in Stablecoin Payment Rails

A Y Combinator and Coinbase-backed cryptocurrency application has triggered fresh scrutiny of the stablecoin infrastructure industry after apparently processing transactions that raised sanctions compliance questions, according to a fintech industry podcast released this week.

The incident involving Kontigo—a retail-focused crypto payments service—has sparked comparisons to the banking-as-a-service sector's compliance breakdowns, with industry observers questioning whether stablecoin infrastructure providers are repeating the same third-party risk management failures that plagued BaaS partnerships over the past two years.

Jason Mikula and Alex Johnson, hosts of the Fintech Recap podcast, dissected what they called the "WILD story" in an episode published January 16, focusing on the chain of responsibility stretching from Kontigo's consumer-facing service through multiple infrastructure layers. The service relied on what the hosts termed "stablecoin infrastructure" providers including Rain, Checkbook, Bridge, and Stripe, with underlying banking relationships that included JPMorgan Chase and Lead Bank.

The case highlights a structural problem finance chiefs should recognize: the same opacity that created compliance nightmares in BaaS—where banks lost visibility into end customers several layers removed from their balance sheets—now exists in stablecoin payment rails. A retail app can plug into infrastructure APIs, which connect to other infrastructure layers, which eventually touch regulated banking entities. Each intermediary assumes someone else is handling sanctions screening.

The distinction matters because sanctions violations carry different consequences than anti-money laundering failures. While AML breaches typically result in civil penalties and remediation orders, sanctions violations can trigger criminal liability. The podcast hosts emphasized "the impact of sanctions on the everyday people of the countries they're enforced against," noting that compliance failures create ripple effects beyond the companies involved.

What Mikula and Johnson found particularly troubling: Kontigo's situation reveals how quickly stablecoin infrastructure is "speed running" the same mistakes BaaS made. The BaaS model took years to collapse under the weight of inadequate third-party risk management. Stablecoin infrastructure appears to be compressing that timeline, with venture-backed startups layering services atop each other faster than compliance frameworks can adapt.

The responsibility question cuts multiple ways. Should Kontigo have conducted more rigorous due diligence on its own service's compliance implications? Absolutely. But the infrastructure providers—companies positioning themselves as the "picks and shovels" of crypto payments—face harder questions about their own know-your-customer obligations. If you're providing the rails that move money, claiming ignorance about who's riding them won't satisfy regulators.

For CFOs evaluating stablecoin payment solutions, the Kontigo case offers a preview of regulatory risk. The appeal of stablecoin infrastructure is its simplicity: plug into an API, start moving value globally, skip the traditional banking partnership headaches. But that simplicity obscures the compliance stack underneath. When something breaks—and in this case, something apparently did—the question of who's responsible becomes a game of hot potato played with federal regulators as referees.

The podcast hosts pressed on what lessons the industry should draw from the situation. The obvious one: infrastructure providers need robust third-party risk management, the same framework banks are now scrambling to implement for their BaaS partnerships. The less obvious one: venture-backed growth incentives and sanctions compliance make uncomfortable bedfellows. When your business model depends on transaction volume, the temptation to ask fewer questions about transaction sources becomes a feature, not a bug.

As of mid-January, the full regulatory fallout from Kontigo's situation remains unclear. But the pattern is familiar enough to anyone who watched BaaS partnerships unravel: fast growth, light compliance, infrastructure providers claiming they're just neutral platforms, and regulators eventually deciding that neutrality isn't a defense.

The question finance leaders should ask their treasury teams: if we're using stablecoin infrastructure for any payments or treasury functions, do we actually know who's in our compliance chain? Because based on the Kontigo story, the answer is probably no.