Regulatory expectations are sharpening as AML/CFT supervision becomes more data-driven and centralised. This edition highlights key EU and global developments – from AMLA’s new risk methodologies to rising fraud and enforcement trends – that are shaping compliance priorities for 2026.
AMLA Introduces Binding EU-Wide ML/TF Risk Assessment and Supervision Methodologies
On 16 December 2025, AMLA adopted two final Regulatory Technical Standards establishing harmonised EU methodologies for assessing inherent and residual money laundering and terrorist financing risk and for selecting obliged entities for direct AMLA supervision. The RTS replace national approaches with a single, standardised risk model based on predefined indicators, data inputs and scoring logic, significantly reducing supervisory discretion. Risk assessments must aggregate detailed data on customers, products, transactions, geographic exposure, delivery channels and control effectiveness, with limited scope for weak controls to offset inherent risk and with formalised review cycles for higher-risk entities.
The RTS on direct supervision introduce an objective, data-driven selection mechanism, under which only entities meeting defined cross-border activity thresholds are considered, and final designation depends on residual risk scores calculated under the harmonised model. Group-wide risk must be assessed using weighted aggregation rules that reflect higher-risk exposures rather than diluting them. Institutions should reassess business-wide and customer risk assessments, analyse cross-border activity against AMLA materiality thresholds, review group risk aggregation methodologies, and strengthen data governance and control effectiveness frameworks, given their direct impact on supervisory classification.
AMLA Advances EU-Wide AML/CFT Supervisory Framework Ahead of 2028
On 18 December 2025, AMLA announced substantial progress toward harmonised AML/CFT supervision across the European Union. The announcement outlines key instruments that will support AMLA’s future direct supervision of a selected group of high-risk financial institutions from 2028, including a standard ML/TF risk assessment methodology and objective criteria for identifying entities subject to direct AMLA oversight under the AML Regulation. These tools are intended to ensure consistent application of risk indicators, data inputs and supervisory judgments by both national competent authorities and AMLA. As part of the preparatory phase, AMLA has also launched a public consultation on draft implementing technical standards governing cooperation and the transfer of supervisory responsibilities between national authorities and AMLA, with stakeholders invited to submit comments by 27 January 2026.
EU Designates Russia as High-Risk Third Country for AML/CFT Purposes
The European Commission has adopted a delegated act adding Russia to the EU list of high-risk third countries with strategic deficiencies in their anti-money laundering and counter-terrorist financing frameworks. The assessment was carried out independently of the FATF process, reflecting Russia’s current suspension from FATF and the absence of FATF grey- or black-listing. Relying on a technical analysis based on publicly available sources, input from Member States, and assessments by the European External Action Service, the Commission concluded that Russia meets the criteria for high-risk designation under EU AML rules. The delegated regulation is now subject to scrutiny by the European Parliament and the Council, which may raise objections within the applicable scrutiny period before the measure enters into force.
EBA and ECB Report Highlights Rising Payment Fraud Across the EEA
The European Banking Authority and the European Central Bank have published their 2025 Report on Payment Fraud, showing that payment fraud across the EEA continued to increase, with total losses reaching around EUR 4.2 billion in 2024. Credit transfers and card payments remain the main drivers, with fraud predominantly occurring in remote transactions. Strong customer authentication is shown to be effective in reducing fraud when applied. Still, its overall impact is limited by the widespread use of exemptions, some of which, particularly for remote card payments, are linked to significantly higher fraud rates. The report also points to the growing importance of authorised push payment fraud driven by social engineering, and notes that payment service users still bear a substantial proportion of total fraud losses.
ESMA Sets Unified Governance Expectations for Supervised Entities
ESMA has published a concise statement outlining its supervisory expectations for the management bodies of entities under its supervision, consolidating twelve core governance principles applicable across all sectors. The statement confirms that ultimate responsibility for strategy, risk appetite and oversight rests with the management body, irrespective of delegation or committee arrangements. ESMA places strong emphasis on effective challenge by supervisory members, clear leadership, and a strong tone from the top on ethics, conduct and organisational culture. Expectations also cover appropriate board composition, ongoing suitability and effectiveness assessments, structured and continuous training, and substantive engagement with risk management, compliance and internal audit functions. Robust information flows, well-documented decision-making and accurate record-keeping are highlighted as essential, with ESMA indicating that these principles will serve as a practical benchmark in supervisory dialogue and assessments.
Swiss FIPPP Warns of Fraud Risks Linked to Virtual IBANs
The Swiss FIPPP has issued a warning on the growing misuse of virtual IBANs in fraud schemes affecting payment service providers and financial intermediaries. According to the newsletter, vIBANs are increasingly used to create a misleading appearance of domestic banking relationships, while the underlying accounts may be located in other jurisdictions. This opacity has been exploited in a range of fraud typologies, including impersonation and invoice redirection scams, fake investment schemes, romance fraud and fraudulent charity solicitations. The risk extends beyond institutions issuing vIBANs, as intermediaries processing payments may also unknowingly facilitate fraudulent transactions due to limited visibility over the ultimate destination of funds. The FIPPP stresses that reliance on standard IBAN country-code checks is insufficient and calls for enhanced controls to identify jurisdictional mismatches and patterns indicative of vIBAN misuse.
2025 Shows Stable Global ML/TF Risk but Worsening Transparency
The Basel Institute on Governance has published the 14th edition of the Basel AML Index, assessing money laundering and terrorist financing risk across 177 jurisdictions. The 2025 results show that global ML/TF risk remains broadly stable, with only marginal improvement in average scores compared to last year. While many countries recorded slight progress, the data points to convergence around mid-level risk rather than an apparent strengthening of global AML/CFT effectiveness. The report highlights a deterioration in financial transparency, particularly due to persistent weaknesses in beneficial ownership regimes and tax transparency. At the same time, modest improvements were noted in formal AML/CFT frameworks and indicators related to corruption and fraud. Regional divergence is increasing, with some traditionally lower-risk jurisdictions scoring worse, while parts of Sub-Saharan Africa show measurable improvement. The Index also introduces a revised three-tier risk classification to distinguish risk levels across jurisdictions better.
FinCEN Launches Data-Driven AML Enforcement Targeting MSBs at the U.S. Southwest Border
On 22 December 2025, the U.S. Treasury’s Financial Crimes Enforcement Network announced a technology-driven enforcement initiative focused on money services businesses operating along the southwest U.S. border. Using advanced analytics on more than one million Currency Transaction Reports and tens of thousands of Suspicious Activity Reports, FinCEN has issued notices of investigation, made numerous examination referrals to the IRS, and sent over fifty compliance outreach letters to MSBs. The operation targets potential Bank Secrecy Act weaknesses linked to cartel-related money laundering, human smuggling and other serious crimes. FinCEN indicated that identified violations may lead to civil penalties, injunctions or criminal referrals, and reiterated MSBs’ obligations to maintain effective risk-based AML/CFT programmes, ensure proper customer identification, monitor and report suspicious activity, file required transaction reports, and exercise robust oversight of agents and third-party service providers.
FinCEN Intensifies Public–Private Cooperation Against Chinese Money Laundering Networks
On 19 December 2025, FinCEN convened a FinCEN Exchange public–private partnership event with financial institutions, federal law enforcement and U.S. Treasury officials to address systemic money laundering risks posed by organised criminal networks, with a particular focus on Chinese money laundering networks. The discussions highlighted the critical role of Bank Secrecy Act data, advanced analytics and information sharing in identifying and disrupting these networks, which are assessed as posing material risks to the U.S. financial system and national security. FinCEN noted that, following its earlier advisory and financial trend analysis on CMLN activity, it has received hundreds of suspicious activity reports referencing suspected CMLN-linked transactions, involving billions of dollars in potentially illicit flows, underscoring both the scale of the threat and the importance of sustained public–private collaboration.
FATF Publishes Mutual Evaluation Report on Belgium’s AML/CFT Regime
On 19 December 2025, the FATF released its Mutual Evaluation Report (MER) assessing Belgium’s anti-money laundering and counter-terrorist financing framework. The evaluation found that Belgium has a comprehensive legal, regulatory, and institutional AML/CFT structure largely aligned with FATF standards, supported by robust supervisory frameworks and active international cooperation. Reporting entities generally implement customer due diligence and reporting practices effectively. However, the MER identified areas needing improvement, including enhancing operational effectiveness in prosecuting and convicting money laundering and predicate offences, achieving timely asset seizure and confiscation, implementing targeted financial sanctions, applying consistent risk-based supervision across sectors, and translating strategic risk assessments into actionable plans with apparent oversight. Belgium’s inter-agency collaboration and international engagement were noted as strengths, with further focus required to close remaining gaps in outcomes.
FATF/APG Publishes Mutual Evaluation Report on the Maldives’ AML/CFT Framework
On 23 December 2025, the FATF, via the Asia/Pacific Group on Money Laundering (APG), released the Mutual Evaluation Report assessing the Maldives’ compliance with FATF Recommendations and the effectiveness of its AML/CFT regime. The evaluation found that, although the Maldives has established core legal and institutional AML/CFT structures, significant gaps in effectiveness persist. National coordination and strategic oversight are weak, limiting the authorities’ ability to address identified money laundering and terrorist financing risks. Preventive measures and supervision vary across sectors, with banks generally more compliant than non-bank financial institutions and designated non-financial businesses and professions (DNFBPs). The report highlights material deficiencies in beneficial ownership transparency, oversight of money changers and informal value transfer systems, and the implementation of targeted financial sanctions for terrorist and proliferation financing. Law enforcement outcomes, including investigations, prosecutions, and asset confiscation, remain limited relative to the country’s risk profile.
Newsletter Subscription
Get in touch