The problem starts from the moment you use a CEX for cashing out the f... Fiat, and not only with XMR, but with all coins. The conclusion is that the best way is to use P2P and privacy-based coins (I don't know any other besides Monero). However, even in this case, you will never know if your coins are 100% "clean".
I am not entirely against CEXs, I want to emphasise that!
Like LoyceV said above, let's say that I (apogio) withdraw 0.1 BTC from Binance and 1 month later you (bias) deposit 0.1 BTC on Kraken and request to sell it and withdraw the FIAT to your account.
Now, in the meantime, we may have transacted P2P and I may have given you that 0.1 BTC.
With BTC, the UTXOs are totally and provably different each time, which means that the 0.1 BTC can be traced back and the authorities can see where it originated from. There are ways to obfuscate the history, like we discussed above.
With XMR, you can think of it as a BTC UTXO, which, by protocol rules, is mixed every time it's transacted. It's like having the mixing feature plugged-in on the base layer of the blockchain. Which means that there is no way for Binance and Kraken to know that you have transacted with me, but they can guess it is.
That's why they invented the KYC/AML algorithms. Because they want to be able to catch the scenario where I, being a criminal, may send someone my coins and this someone may use them elsewhere. So, the KYC/AML algorithms provide a "score". In our example, if you were to deposit 0.1 BTC that you, somehow, received from an unknown source, they will request all this data, because they are sure, or they guess that the 0.1 BTC derives from illicit activities. Which is totally annoying, because if you think about it, this guessing game will almost always be completely arbitrary.