The Financial Action Task Force (FATF) published guidance for government investigation teams to recover bitcoin (BTC) and other digital assets used in criminal activities. This, taking into account that more than 80% of jurisdictions show low effectiveness in seizures.
The Asset Recovery Guide and Best Practices details quick steps from policies to victim returns. “Public blockchains provide immutable, real-time ledgers that support rapid tracing and retrieval,” the FATF states in its publication.
With the new set of recommendations, bitcoin seizures can be made more effectively and quickly than traditional high-value assets, such as observe Chainalysis in its report published today November 13, 2025. Its research recently revealed that more than 90,000 bitcoin remain illicit, awaiting seizure by governments.
The guide urges prioritizing digital assets to protect global financial systems. And regarding this, the FATF demands treat bitcoin and cryptocurrencies as a distinct asset class. It also calls for accelerating laws that add clarity to achieve speed in seizures.
The guide insists that training should begin from initial contact with the suspect or crime scene. It recommends training not only money laundering and terrorist financing experts, but also non-financial personnel, such as general police officers, to identify bitcoin and cryptocurrency immediately. This includes seizing hardware wallets during raids, seed phrases in documents or digital files, accounts on exchanges, and cryptoasset wallets on devices linked to crime.
However, the FATF guide, although exhaustive in aspects such as tracking, initial seizure and secure storage using cold wallets or multi-signature wallets, presents a notable omission in specific recommendations to prevent internal theft during judicial custody of virtual assets.
This omission becomes particularly evident when considering real cases such as the one that occurred in Spain in April 2025. In that country, an employee of the judicial administration in Marbella was arrested for the theft of approximately 17 million euros in seized crypto assets, in what became the largest operation of this type in the country to date.
The incident, investigated by the National Police, revealed vulnerabilities in internal custody protocols. This is because the suspect accessed the private keys of digital asset wallets under judicial control, transferring the funds to personal accounts after waiting three months to avoid immediate detection.
In direct response to the April 2025 theft, the Spanish Ministry of the Interior awarded Prosegur on November 11, 2025 a contract for 2.8 million euros (about $3.24 million) for the cloud management and custody of bitcoin and cryptocurrencies seized in police raids, as reported by CriptoNoticias.
If anything, the gap in the FATF guidance—which does not explicitly address insider threats such as background checks, periodic audits, or access segregation for judicial staff—underlines the need for countries to complement these global recommendations with more robust local policies.
While the document emphasizes preserving the value of assets through transfers to national custody programs (such as Peru’s National Seized Assets Program), does not offer detailed strategies to mitigate corruption risks or internal neglect in prolonged custody phases, which could inspire future updates based on lessons from incidents such as Spanish.