RegRally Insights: Your Guide to AML/CTF Compliance, December 2025

From tougher EU AML expectations and crypto-risk oversight to rising enforcement actions and major UK reforms, this December edition of RegRally Insights brings you the developments that will shape compliance strategies in 2026.

AML Centre Flags Recurring Compliance Gaps and Need for Stronger Controls

The Centre of Excellence in Anti-Money Laundering has published an analysis identifying the most common weaknesses in market participants’ AML/CTF frameworks. The review highlights four core themes:

• Recurring breaches in core AML obligations. The most frequently cited violations relate to Articles 9, 17, 22, and 29 of the Law on the Prevention of Money Laundering and Terrorist Financing, which govern customer due diligence, ongoing monitoring, internal controls, and reporting requirements. Strengthening compliance in these areas is essential to reducing systemic errors and avoiding significant sanctions.
• Unclear severity thresholds underscore the need for cooperation. Sanctions currently range from warnings to licence withdrawal, but the risk severity associated with different breaches is not always transparent. Enhanced public–private collaboration is necessary to understand better where failures occur and prevent their recurrence.
• Competence gaps remain, especially in customer identification. Client identification remains the primary source of errors. More targeted training, practical workshops, and remediation-focused sessions are needed to raise competency levels across institutions.
• Upcoming EU legislation will increase expectations. Forthcoming rules—such as the AMLA Regulation and the Sixth AML Directive—will require institutions to enhance systems, invest further in controls, and prepare for heightened supervisory scrutiny.

The Centre emphasises the importance of a strong compliance culture, where prevention is embedded into daily operations, and mistakes are treated as opportunities to strengthen trust and resilience.

European Parliament Analysis Highlights EU AML Transformation and Crypto Risks

In November 2025, the European Parliament outlined how the new EU anti-money-laundering framework and the creation of AMLA will reshape supervision across the Union. The report emphasises that digital finance—including crypto-assets, blockchain activity, and decentralised finance—is now central to money-laundering risks, with illicit flows increasingly moving through cross-border digital channels. Crypto-asset service providers are formally recognised as obliged entities, subject to customer due diligence, monitoring, and reporting obligations equivalent to traditional financial institutions. The analysis also notes that fully decentralised models largely remain outside current regulation, underscoring the need for AMLA to deploy advanced technological tools, such as blockchain analytics and real-time monitoring, to ensure comprehensive oversight. The report positions AMLA, in coordination with the EBA and ESMA, as a key driver of EU leadership in digital-finance AML standards.

FATF Issues Modernised Global Guidance on Asset Recovery

In October 2024, FATF released updated guidance on asset recovery, modernising international standards for detection, tracing, restraint, confiscation, management, and return of assets. The guidance frames asset recovery as a full operational cycle, integrating financial investigation methods with safeguards for fundamental rights and due process. Key updates include an emphasis on rapid interim measures—critical for addressing digital payments and crypto-asset transfers—and recognition of non-conviction-based confiscation on par with conviction-based approaches. The guidance also strengthens cross-border enforcement by obliging jurisdictions to act on foreign orders, with practical case studies demonstrating implementation in both traditional and digital-asset contexts.

ESMA Highlights Rising Enforcement Activity and Cross-Border Disparities in 2024

ESMA’s 2024 annual enforcement review shows significant differences in how national authorities apply sanctions under MAR and MiFID II. Administrative fines across the EU totalled €100 million, up from €71 million in 2023, with Germany imposing the most significant single fine of €12.9 million. MAR-related enforcement was particularly active, with 377 actions in 24 Member States targeting market manipulation, insider trading, and transactions by managers. The report stresses that cross-border firms cannot assume uniform enforcement and that robust, harmonised compliance frameworks remain critical as ESMA continues to coordinate supervisory actions.

UK Introduces Mandatory Director and PSC Identity Verification at Companies House

In November 2025, the UK implemented mandatory identity checks for all new company directors and persons of significant control (PSCs), with a phased rollout for existing registrants over the following year. The reform strengthens transparency in the corporate registry, reduces risks of false filings, and supports anti-money laundering efforts by providing more reliable data for KYC and risk assessments. It also increases the operational costs of anonymity schemes, such as shell companies and nominee directors, enhancing overall corporate governance and regulatory oversight.

EU Proposes Mandatory Vetting of Social Media Ads to Prevent Financial Scams

The European Union is preparing regulatory measures that will require major social media platforms to screen advertisements for scams before publication. Ads promoting financial services or investments would be permitted only if the advertiser is a registered or legitimate provider. The initiative aims to curb fraudulent schemes that exploit online ad channels and reduce consumer losses across the EU, reflecting growing concern over the widespread use of scam advertising on social media.

UK Designates FCA as Single AML/CTF Supervisor for Legal, Accountancy, and Trust Service Providers

The UK is reforming anti-money laundering and counter-terrorist financing supervision by appointing the Financial Conduct Authority (FCA) as the sole supervisor for legal, accountancy, trust and company service providers. The reform strengthens the FCA’s duties, powers, and accountability through proposed legislation, introduces a consistent risk-based supervisory approach, and adds new responsibilities, including registration, gatekeeping, and monitoring unregistered activity. Enhanced enforcement tools, such as issuing directions and requiring third-party reviews, aim to improve oversight and ensure adequate supervision.