RegRally Insights: Your Guide to AML/CTF Compliance, May 2026

Welcome to the new RegRally Insights: Your Guide to AML/CTF Compliance. This month’s developments highlight a clear regulatory trend: supervisors across Europe are moving beyond formal compliance and focusing on governance quality, sanctions controls, remediation credibility, and active industry engagement in shaping future AML rules.

Lithuania remains particularly active, with significant enforcement actions against financial institutions, increased scrutiny of higher-risk business models, and direct encouragement for market participants to engage in AMLA consultations that will shape the next generation of EU AML/CFT requirements. At the same time, cross-border developments, such as the Swedbank case in Sweden, underscore the growing intersection among AML compliance, executive accountability, and reputational risk.

For regulated firms, the key message is clear: AML/CTF compliance in 2026 requires more than policies on paper. It demands effective controls, accurate regulatory reporting, strong governance, and readiness for a more intrusive and harmonised European supervisory environment.

Lietuvos Bankas (Bank of Lithuania) – Notice inviting participation in AMLA consultations

The Bank of Lithuania, alongside AMLA, is inviting Lithuanian financial market participants to engage with two ongoing AMLA public consultations on draft AML/CFT instruments (see Entry 2 below for details). The notice specifically targets banks, credit unions, payment institutions, electronic money institutions, and other obliged entities supervised by Lietuvos Bankas, encouraging them to submit written comments and participate in the public hearings organised by AMLA.

Lithuanian-supervised institutions should treat this as a direct call to action from their national regulator to engage with the AMLA consultation process.

Participation demonstrates regulatory engagement and may help shape rules that will directly affect day-to-day AML/CFT compliance.

European Merchant Bank UAB – warning, €270,000 fine, and temporary activity restrictions

European Merchant Bank UAB – warning, €270,000 fine, and temporary activity restrictions for AML/CFT and international sanctions control failures, including failure to follow supervisory instructions and submission of inaccurate supervisory information.

Bank must remediate all violations by 30 June 2026 and submit an independent audit conclusion by 30 September 2026. Temporarily prohibited from onboarding new higher-risk clients and restricted in services to existing clients from higher-risk third countries.

Banks and other regulated entities with higher-risk client segments must ensure robust AML/CFT and sanctions controls are in place, especially for enhanced due diligence and transaction monitoring. The temporary activity restriction is a significant escalation signal. Entities with similar risk profiles should conduct an urgent compliance review.

Contact us for AML/CFT compliance support.

AMLA Consults on Risk Assessments and Group-Wide AML Frameworks

AMLA launched two public consultations on draft instruments that will shape how obliged entities identify, assess, and manage money laundering / terrorist financing (ML/TF) risks.

1. Draft Guidelines on Business-Wide Risk Assessment

Sets minimum expectations for all obliged entities when conducting enterprise-wide AML risk assessments, applying proportionality based on size, business model, and risk profile.

  • Consultation open until 15 July 2026
  • Public hearing: 28 May 2026

2. Draft RTS on Group-Wide Requirements

Introduces minimum standards for consolidated AML/CFT frameworks across groups, including cross-border structures and third-country operations. Groups must maintain a holistic view of ML/TF risk across the organisation.

  • Consultation open until 15 June 2026
  • Public hearing: 20 May 2026

Additional development: AMLA also published an updated data model and taxonomy for its 2027 direct supervision selection exercise, with comments accepted until 10 May 2026.

Obliged entities – especially those operating across multiple jurisdictions or with third-country subsidiaries – should review both instruments carefully and consider submitting responses or attending the public hearings.

Contact the Ecovis team for assistance in assessing the impact on existing AML/CFT frameworks and preparing consultation submissions.

Sweden Supreme Court Acquits Former Swedbank CEO in AML-Related Fraud Case

Sweden’s Supreme Court acquitted former Swedbank CEO Birgitte Bonnesen, overturning a 2024 appellate conviction for gross fraud.

The case concerned statements made to the media in October 2018 about anti-money laundering measures at Swedbank’s Estonian branch. Prosecutors alleged the comments misled shareholders and the public regarding the bank’s AML controls in the Baltics.

The Supreme Court held that:

  • the responses were protected by freedom of expression;
  • there was insufficient evidence that Bonnesen intended to spread misleading information affecting the bank’s financial position.

Procedural history:

  • 2023: acquitted at first instance
  • 2024: partially convicted on appeal
  • 2026: fully acquitted by the Supreme Court

The acquittal narrows the scope of executive criminal liability for public communications on AML matters, drawing a distinction between misleading market statements and press responses covered by freedom of expression.

Financial institutions should nonetheless maintain robust internal controls ensuring that executive-level public statements on compliance matters are accurate and consistent with internal assessments – particularly in the context of ongoing regulatory investigations.

Newsletter SubscriptionGet in touch
Free initial advice now!

Have a question or need more information?

Send us an e-mail message!