The design and enforcement of anti-money laundering laws in the United States involve using financial or technological intermediaries as conduits. Since 1970, the Bank Secrecy Act (BSA) has imposed substantive obligations on centralized financial intermediaries, namely (1) money transmitting businesses that control payment assets and (2) financial institutions. These substantive obligations require intermediaries to collect customers’ identification information and monitor suspicious activities, thereby generating reports and records useful for investigating the flow of dirty money and prosecuting financial crimes. Consequently, the BSA’s effectiveness relies on these intermediaries acting as the de facto gatekeepers to the payment system against dirty money. Yet, this intermediation-based approach may not effectively generate reports and records from various players in decentralized finance (DeFi) payments, including unhosted wallets, decentralized exchanges (DEXs), and noncustodial mixers. They neither qualify as financial institutions nor money transmitting businesses. Therefore, while bad actors may launder dirty money through DeFi, the BSA does not require some of these DeFi players to comply with its substantive obligations. This challenge, along with the decentralization, anonymity, pseudonymity, fragmentation, and transnationality of DeFi payments, limits law enforcement agencies’ ability to obtain useful reports and records. This dissertation calls for new anti-money laundering regimes that do not necessarily rely on financial or technological intermediaries. It argues that the BSA should establish a new standard of payment-controlling business to replace the existing standard of money transmitting business. This standard reflects the view that centralization and decentralization exist on a spectrum rather than in binary. Therefore, this standard would measure the degree of control a player has over payment assets, whether custodial or noncustodial. This measurement considers three dimensions: control over payment clearing and settlement, ownership and custody of assets and balance sheets, and concentration of governance power. The greater a player’s control, the more likely it falls within the scope of the BSA’s regulatory perimeter, and the more suitable the BSA’s substantive obligations are. It also argues for licensing regimes for third-party service providers and DeFi developers, a registration regime for decentralized autonomous organizations (DAOs), as well as strengthened public-private partnerships (PPPs) and mutual legal assistance processes.