There is no way to mitigate these risks except the user or criminal in questions opt for a centralized service where they have to give out their personal details to in order to pass KYC checks. That's the thing with decentralized computing systems. No one system have control over other computing systems. As with public blockchains, all transactions are publicly available for anyone to read however, there's no way to link wallets to users unless the user in question explicitly expose themselves.

It's one of the downsides of blockchain and crypto. The good thing right now is there is no service right now that provides on and off fiat ramps without some KYC or AML procedure.