RegRally Insights: Your Guide to AML/CTF Compliance, August 2025

ECOVIS welcomes you to its monthly newsletter on Anti-Money Laundering and Counter-Terrorist Financing. It is dedicated to everyone who wants to understand the latest trends and developments, get tips from our experts and deepen their knowledge.

EBA Flags Rising AML Risks in FinTech and Crypto

The European Banking Authority’s 2024 ML/TF Opinion reveals a shift in financial crime risks across the EU -from customer profiles to financial products and services, especially in FinTech, crypto, and RegTech.

Key insights:

  • FinTech and crypto sectors are increasingly high-risk due to inadequate AML controls and compliance gaps.
  • Innovation outpaces regulation, with some firms prioritizing growth over legal obligations.
  • Nearly 300 material compliance weaknesses were identified in 2023–2024, often tied to unchecked automation, outsourcing risks, and insufficient in-house oversight.
  • AI-driven fraud (e.g., deepfakes, synthetic IDs) is challenging onboarding and monitoring systems.
  • Sanctions screening remains weak, especially in instant payments and alternative payment channels.
  • The EBA warns that digital innovation must not outstrip AML/CFT controls; firms must act proactively, not reactively.

EBA issues clarifications on PSD2 scope and credit product definitions

The European Banking Authority published new Q&A responses clarifying regulatory interpretations under PSD2 and other EU frameworks. It confirmed that a payment instrument’s definition depends on its functionality and the contractual terms with the provider. The EBA explained that electronic postal transfers may fall under PSD2, while paper-based transfers linked to postal infrastructure may be excluded depending on service design. It also clarified that credit products are considered consumer credit only if tailored exclusively to natural persons, with offerings accessible to legal entities falling outside the Consumer Credit Directive’s scope.

Our recommendations:

  • Review and reassess payment products and instruments to ensure they meet the PSD2 definition, especially for services using new authentication methods or hybrid postal/electronic channels.
  • Evaluate postal and non-standard payment services to determine whether they are within the regulatory perimeter of PSD2. Ensure services provided by dual-role institutions (e.g. postal providers) are properly ring-fenced and comply with applicable segregation requirements.
  • Distinguish credit products based on client type, ensuring marketing, contractual terms, and disclosures are consistent with applicable directives.
  • Update internal policy frameworks and product approval procedures to reflect the latest regulatory interpretations and avoid misclassification risks, particularly concerning payment service scope and credit availability.

Wolfsberg Group updates RBA guidance, urges targeted AML focus

The Wolfsberg Group refreshed its Statement on the Risk-Based Approach (RBA), stressing proportionality, prioritisation, and outcome-driven effectiveness. It urged firms to move beyond checklist AML/CFT compliance and tailor controls to actual risk profiles, shifting resources from low-risk areas to high-risk exposures. Wolfsberg also backed outcomes-based supervision, highlighting the value of measurable effectiveness and mature governance over uniform, one-size-fits-all models.

  • Re‑examine your FCRM framework to ensure it aligns with proportionality and addresses only the types and levels of risk your firm faces.
  • Expect and prepare for updated Wolfsberg guidance per the evolving global AML/CTF paradigm.
  • Replace outdated process‑based metrics with performance indicators that track actual risk reduction and control effectiveness.
  • Assess whether compliance resources are misallocated to low-value monitoring activities and reallocate them to high-risk controls where they will have a real impact.

AMLA launches mandate with crypto sector as top priority

The EU Anti-Money Laundering Authority (AMLA) began its supervisory mandate, placing crypto-asset service providers (CASPs) at the centre of its agenda. With MiCA Regulation rollout, AMLA stressed that CASPs must implement robust AML/CFT controls from the moment of authorisation. While national authorities will handle licensing, AMLA will coordinate to ensure consistent supervision across Member States. It warned that inconsistent AML/CFT application poses systemic risk and will focus its financial intelligence work on cross-border crypto typologies and emerging ML/TF patterns. The 2025 Work Programme confirms crypto as a strategic priority.

If your firm operates across multiple Member States, align internal procedures to eliminate supervisory fragmentation and jurisdictional disparities. Ensure your compliance protocols reflect the intended harmonisation across the EU, minimising exposure to inconsistent national interpretations of MiCA or AML rules.

AMLA and ECB formalise partnership to strengthen the EU’s AML/CFT supervision

On 18 July 2025, the European Anti-Money Laundering Authority (AMLA) and the European Central Bank (ECB) signed a cooperation agreement to bolster efforts against money laundering and terrorist financing across the EU. The agreement formalises collaboration between AMLA and the ECB to improve the effectiveness of AML/CFT supervision within the banking sector, facilitate information sharing, and coordinate supervisory activities. This partnership aims to maximise efficiency, avoid duplication of work, and promote a harmonised regulatory approach across Member States, thereby strengthening the EU’s overall financial security framework.

Newsletter SubscriptionGet in touch
Free initial advice now!

Have a question or need more information?

Send us an e-mail message!