Financial institutions (FIs) across the US are increasingly capitalizing on the efficiency and accuracy gains offered by AI and ML technologies. However, as they do so, these systems are increasingly falling within the scope of regulatory oversight. This article explains:

• The AI regulation landscape in the US.
• What firms can expect going forward.
• How to make sure your firm is using AI effectively.

AI regulations in the US and their impact on AML

As of early 2025, there is no unified national approach to AI regulation in the US. Instead, its AI governance framework is a patchwork of individual state laws and federal initiatives. These tend to outline principles for the use of AI and encourage firms to participate in voluntary agreements, but stop short of enforcing comprehensive rules. However, they offer a guide to how regulators view the use of AI and indicate the direction future AI legislation may take. 

Federal AI regulations

At a federal level, several pieces of legislation and executive orders have been introduced that tackle some aspects of AI governance. In general, these have recognized the benefits of AI in financial services, including its ability to enhance AML compliance, while emphasizing the need for fairness and transparency in its use. Key examples are: 

• The National Artificial Intelligence Initiative Act: Although it is not explicitly devoted to regulating the use of AI, this legislation does include measures around risk management, privacy, and security. It was introduced in 2020. 
• A Blueprint for an AI Bill of Rights: Issued in 2022, this executive order offered guidance on using AI ethically, covering subjects like testing, algorithmic discrimination protections, data privacy, explainability, and opt-out measures. 
• A Roadmap for Artificial Intelligence Policy: Written by a bipartisan Senate AI working group, this noted the importance of protecting workforce rights, privacy, and transparency while encouraging AI innovation. 
• National AI R&D Strategic Plan: This urged legislators to capitalize on the opportunity to adopt emerging technologies, establish a comprehensive data privacy framework, and mitigate long-term risks. 
• Bipartisan Task Force Report on AI: Published in 2024, this was a comprehensive report and series of recommendations on the use of AI across multiple sectors, including financial services. Recommendations included safeguarding data quality and security, improving regulatory expertise with AI, ensuring AI adoption conforms to existing consumer protections, and making sure regulators did not impede small firms from using AI tools. 
• Executive Order on Advancing US Leadership in AI Infrastructure: As one of his final acts as President, Joe Biden passed an executive order demanding that the development of AI infrastructure adhere to five principles: US national security and AI leadership, economic competitiveness, clean energy, community support and cost-effectiveness, and labor standards and safeguards. 
• Executive Order on Removing Barriers to American Leadership in AI: Introduced in the early days of the second Donald Trump Presidency, this promotes the development of AI systems “free from ideological bias” and revokes certain previous initiatives, including one Biden-era executive order intended to address AI risks. 

Some federal agencies have also guided firms on how to use AI. In a 2021 speech, the head of the Federal Reserve stressed the importance of explainability when using AI to avoid a “black box” approach, where firms rely on decisions made by an AI model without understanding how they were made. 

Likewise, in 2024, the acting chairman of the Office of the Comptroller of the Currency (OCC) stated that AI tools were essential to combat new fraud typologies centered around the use of deepfakes. He also called for FIs to maintain strong AI governance and oversight frameworks, including regular testing, to prevent outcome bias. 

Focusing more explicitly on financial crime, the US Treasury Department’s 2024 National Strategy for Combatting Terrorist and Other Illicit Financing highlighted the transformative potential of AI-based technologies in enhancing FIs’ AML compliance by focusing on how AI can analyze vast amounts of data to uncover patterns related to illicit financing. 

State AI regulations

In the absence of overarching federal AI regulations, many individual states have passed or started to consider their own legislation. As of September 2024, according to the National Conference of State Legislatures (NCSL), 48 states and jurisdictions within the US have at least begun work on bills related to AI in some way. Some of the most consequential laws passed include: 

• The Utah Artificial Intelligence Policy Act: This requires all firms to disclose whether they use generative AI (GenAI). It also makes them liable for any violations of consumer protection law committed through the use of GenAI. 
• The Colorado AI Act: This covers issues related to algorithmic discrimination across financial services, insurance, health, welfare, and employment. The Act is due to come into effect in February 2026. 
• The California Generative AI: Training Data Transparency Act mandates firms that use GenAI to publish explanations of the data used to train their models. Governor Gavin Newsom vetoed a broader bill focused on the safety testing of AI models and legal liability for AI developers even after it was passed by state legislators. 

Upcoming AI regulation updates in the US: 2025 and beyond

The US is likely to continue to take a lighter-touch approach to AI regulation than other jurisdictions. At a February 2025 summit in Paris, the US (along with the UK) notably did not sign an international agreement on an “open, inclusive, and ethical” approach to AI because of the government’s concerns it could stifle American competitiveness. As signaled by the appointment of the country’s first “AI and crypto czar,” you can expect a business-friendly approach to AI oversight in the short and medium term. 

Several pieces of in-progress AI legislation have been introduced in either the US Senate or the House of Representatives. While most of these are expected not to be passed, two bills promoting AI research and development – the AI Advancement and Reliability Act and the CREATE AI Act – have gained bipartisan support, indicating that AI progress will continue to be high on the agenda for the US administration. 

In June 2024, the US Treasury issued a Request for Information (RFI) to understand how FIs use AI, especially for AML compliance purposes. While not a definitive commitment to any regulatory agenda, this indicates a willingness to shape future regulations around firms’ needs and challenges. 

The State of Financial Crime 2025

Get ahead on current compliance trends and upcoming regulatory priorities with our fifth annual state-of-the-industry report.

Download your copy

Tips for effective AML compliance in an evolving AI landscape

Although your use of AI is not yet regulated in the same way as other elements of your compliance setup, future regulatory developments could impact your business. Existing government measures and regulatory trends point towards a clear set of best practices you should use to guide your adoption of AI, future-proofing your business and mitigating against costly changes to your tech infrastructure. To do this, you can: 

• Adopt explainable models: In our State of Financial Crime 2025 survey, 91 percent of firms said they were comfortable compromising explainability for greater automation. However, regulators will expect your firm to demonstrate why and how it made decisions on compliance cases, which makes the use of explainable AI (XAI) a priority. Aside from helping to avoid regulatory action, XAI can also build customer trust, engineer constant improvement to compliance processes, and enhance operational efficiency. 
• Assess where AI can add the greatest value: Following a risk-based approach should be an essential part of all your compliance procedures, including your use of AI. You should use AI and ML to automate repetitive, low-risk work while retaining human expertise for more complex and higher-risk decision-making, which requires compliance expertise and contextual analysis. In practice, these tasks will often be linked, meaning you should aim to combine targeted AI adoption with effective hiring and staff training. 
• Prioritize integrated AI adoption: According to our survey, between 40 and 50 percent of FIs use AI in an ad-hoc, rather than fully integrated, capacity for various screening and monitoring processes. However, with siloed data and platforms coming out as firms’ number one limitation to their compliance capabilities, it’s clear that FIs should prioritize a carefully considered, integrated approach to AI. This will improve the efficiency and consistency of compliance outcomes and will save time and money in many cases. 
• Carry out comprehensive testing: Given regulatory expectations around frequent testing of your compliance program, you should follow similar best practices when it comes to AI by establishing a schedule of regular audits, ideally by a third party or independent team within your organization. 
• Adopt agentic AI: As autonomous systems capable of learning from previous experiences and making decisions within a defined scope of work, agentic AI tools can enhance operational efficiency by taking on some first-line compliance tasks. For example, you can use agentic AI to analyze and prioritize alerts generated by your screening solutions, ensuring high-risk cases are escalated to human experts while reducing the burden on analysts. 

Boost AML compliance with AI-based solutions

ComplyAdvantage provides FIs of all sizes with AI-powered AML screening and monitoring tools designed to protect them from exposure to financial crime, satisfy regulatory requirements, and support business growth. As part of this, our solutions have been developed with explainability and model risk management in mind. 

“ComplyAdvantage believes that responsibly developing and managing AI is not only the right thing to do but also leads to better products that engage AI. Responsible AI is best when viewed as part of a best practice and thereby improves outcomes for our clients and their customers. In this way, it is aligned with business needs and not an external force acting on existing processes and competing with priorities.”

Chris Elliot, Director of Data Governance, ComplyAdvantage

ComplyAdvantage uses AI to: 

• Supply accurate risk data in real-time: Our market-leading global risk intelligence empowers firms with data sourced straight from regulators, refreshed automatically, and verified by experts. Compliance teams use this information for effective sanctions, adverse media, and politically exposed person (PEP) screening. 
• Monitor transactions for enhanced risk detection: Our transaction monitoring solution can detect hidden patterns of suspicious financial activity, allowing you to investigate promptly and understand new crime typologies. Where existing rulesets cannot detect suspicious behavior, our AI capability fills in the gap to precision. 
• Generate insights to improve compliance performance: With alert prioritization, comprehensive data dashboards, and real-time performance insights, you can better understand and optimize your team’s compliance workload and performance. 

The post AI in AML compliance: Navigating US regulations appeared first on ComplyAdvantage.

• Changes to the grey list.
• Strategic initiatives to improve global financial inclusion through a risk-based approach.
• The announcement of a new FATF report on combating online child sexual exploitation.
• Leadership transitions with the appointment of a new Vice-President.
• New public consultations to refine FATF standards.
• Initiatives to diversify perspectives and promote women’s leadership within the FATF network.

This article covers some of the key takeaways and what they mean for compliance professionals.

1. Additions to the grey list

Nepal

While Nepal made legislative amendments in 2024 to align with FATF standards, the country has struggled with implementation and enforcement, particularly in financial sector oversight, prosecutorial effectiveness, and regulatory compliance. 

The Asia/Pacific Group on Money Laundering (APG) had previously flagged Nepal’s slow response to key recommendations from its 2022 mutual evaluation report (MER), which highlighted persistent gaps in monitoring high-risk sectors and financial crime enforcement. These shortcomings, coupled with Nepal’s historical challenges in maintaining financial transparency, led the FATF to place the country under increased monitoring.

Laos (The Lao People’s Democratic Republic)

Despite Laos’ steps to address recommendations from its 2023 MER – such as bolstering financial intelligence unit (FIU) resources and eliminating bearer shares – the FATF found significant challenges remained regarding the country’s risk assessment process, regulatory oversight, and law enforcement effectiveness.

As a result, the FATF added Laos to the grey list and highlighted the following key areas for improvement:

• Enhancing risk-based supervision of high-risk sectors, including casinos and special economic zones (SEZs).
• Strengthening the dissemination of financial intelligence to relevant authorities.
• Increasing money laundering investigations and prosecutions, with a focus on transnational financial crimes.

A Guide to the FATF Grey List

Our expert guide takes firms through the importance of the grey list, what FATF assessments look for, and how firms should respond to a grey-listing.

Download now

2. Removals from the grey list

The Philippines 

The decision to remove the Philippines from the grey list follows nearly four years of the country working closely with the FATF to address and rectify strategic deficiencies identified in its financial regulatory framework. 

The FATF commended the Philippines for its significant progress, particularly in enhancing legislative measures – including amending the Anti-Money Laundering Act (AMLA) in 2021 and mandating all relevant agencies to actively participate in national risk assessments concerning money laundering and terrorism financing in October 2023. An on-site evaluation confirmed the effective implementation of these reforms, leading to the country’s removal from the list.

3. Strategic initiatives

Advancing financial inclusion through a risk-based approach

Recognizing that approximately 1.4 billion people worldwide lack access to banking services, the FATF has revised its standards to promote financial inclusion. Following a public consultation with over 140 responses from diverse stakeholders – including non-profit organizations, financial institutions, and academics – the FATF will amend Recommendation 1. 

This change encourages member countries to apply a risk-based approach to AML/CFT measures, allowing FIs to implement simplified procedures where risks are lower, thereby facilitating broader access to financial services. This initiative addresses concerns from a 2021 review, which highlighted issues such as de-risking and financial exclusion resulting from improper application of risk-based approaches.

Targeting online child sexual exploitation

The FATF announced it will release a new report on how financial intelligence can be used to detect, disrupt, and investigate the alarming rise of live-streamed child exploitation and sextortion. According to de Anda, the report will highlight:  

• How financial transactions can reveal offenders, link them to victims, and enable early intervention by authorities.
• New red flags and transaction patterns that indicate suspicious activity linked to online child sexual abuse, including the use of prepaid cards, peer-to-peer transactions, and micro-payments.
• The need for stronger partnerships between financial institutions, law enforcement, and technology companies to disrupt illicit financial networks facilitating child exploitation.

The report’s official launch is scheduled for March 13, 2025.

4. Enhancing global collaboration and leadership

Appointment of a new Vice-President

The plenary selected Giles Thomson from the United Kingdom as the next FATF Vice-President, succeeding Jeremy Weil from Canada. Thomson, currently serving as Director of the Office for Financial Sanctions Implementation (OFSI) and Economic Crime at HM Treasury, will assume the role on July 1, 2025, for a two-year term. 

Public consultations to refine FATF standards

To embed recent changes promoting a risk-based approach and financial inclusion, the FATF is working on updated guidance for policymakers and regulators. Public consultations are being conducted to gather feedback, ensuring practical implementation of these standards. 

Additionally, the FATF is seeking input on potential revisions to Recommendation 16, aiming to enhance payment transparency by standardizing originator and beneficiary information. This effort seeks to balance the facilitation of faster, more affordable payments with robust defenses against illicit finance.

5. Strengthening the global network

Guest jurisdiction initiative

Under the Mexican Presidency, the FATF has intensified efforts to include voices from regions with limited representation. The guest jurisdiction initiative invites countries to participate in plenary discussions on a rotational basis. This session welcomed Kenya – the first guest non-member from the East and Southern Africa Anti-Money Laundering Group (ESAAMLG) – joining the Cayman Islands and Senegal, to provide diverse perspectives and promote regional engagement.

Women in FATF and the Global Network (WFGN) initiative

A successful event was held to support the WFGN program, focusing on advancing women’s careers within the FATF and its global network. Proposals discussed include the launch of the second edition of the FATF Mentoring Programme in March 2025, aiming to provide guidance and support for female professionals in the field.

Next steps

You and your team should familiarize yourselves with the outcomes of the February 2025 plenary, especially the changes to the grey list and updates related to FATF’s strategic initiatives. You may need to update the risk scores for relevant countries added to or removed from the grey list, and ensure that appropriate levels of due diligence are applied going forward.

It’s also important to stay informed about the upcoming FATF report on online child exploitation and any new guidance related to financial inclusion. These developments could influence your team’s approach to regulatory compliance and the implementation of AML/CFT measures in the jurisdictions in which you operate.

The next FATF plenary is due to take place in June 2025.

Previous plenary coverage from ComplyAdvantage can be found here:

• October 2024
• June 2024
• February 2024
• October 2023
• June 2023
• February 2023
• October 2022
• June 2022

The post FATF plenary February 2025: Key grey list changes, strategic initiatives, and updated guidance appeared first on ComplyAdvantage.

At the second installment of AML Unplugged, our discussion series and networking forum for compliance professionals, a panel of industry experts unpacked some of the report’s key findings. 

In a wide-ranging fireside chat moderated by journalist and editor Joy Macknight, Iain Armstrong (Regulatory Affairs Practice Lead at ComplyAdvantage), Riccardo Tordera-Ricchi (Director of Policy & Government Relations at The Payments Association), and Denisse Rudich (Founder & Executive Director, Rudich Advisory) addressed the pressing issues facing compliance leaders in 2025. 

These include the growing complexity of organized crime, the emergence of data sharing initiatives, and how to invest in automation this year. This article recaps some of the main insights and tips shared at the event, geared to help compliance teams like yours optimize your compliance strategies. 

1. As organized crime evolves, compliance should too 

Organized crime represents a growing challenge for firms. In our survey of compliance decision-makers, 71 percent said their firm currently includes organized crime risks in its overall risk assessment, but 99 percent expressed a need for greater guidance on understanding the individual offenses fueling organized crime. 

This concern is well-founded. Organized crime methods are more diverse and interconnected than ever, with groups operating not just in core business areas – drug trafficking, human trafficking, racketeering – but in new areas such as illegal wildlife trafficking, cybercrime, and the infiltration of legal businesses. In the Mexican state of Michoacán, authorities estimate 80 percent of avocado orchards are linked to crimes such as land grabs and corruption. 

The boundaries between crime typologies are also becoming blurred, with victims of human trafficking forced to work in “scam centers” committing fraud. Organized crime groups are using cryptocurrencies to branch out from their traditional reliance on cash, while collaboration between different organizations is increasingly common: Mexican cartels enlisting Chinese groups to launder their money is one prominent example. Like the most effective corporations, criminal enterprises are diversifying. 

“Organized crime networks are profit-driven, and will look to pivot and use technology in an agile way to try to make a profit.”  

Denisse Rudich, Founder and Executive Director, Rudich Advisory 

Detailed, integrated threat intelligence is critical to strengthening your approach to organized crime. Our survey suggests that compliance teams are turning to multiple tools to detect organized crime risks, but many also struggle with siloed data, which 45 percent named as their biggest compliance challenge. 

Your firm should look to respond to the multiple threats of organized crime with connected tools that can communicate with each other and use consolidated data to give you a 360-degree view of your risks. With the right solutions in place, you can detect, analyze, and react to emerging and unprecedented threats. 

The State of Financial Crime 2025

Read our latest annual state-of-the-industry report, built around a global survey of 600 compliance decision-makers and packed with expert analysis.

Download your copy

2. Firms need clarity on data privacy when sharing information 

As it becomes more important than ever for firms to break their data out of siloes, information sharing continues to be a hot topic for financial institutions (FIs). 47 percent of the compliance professionals we surveyed think stronger public/private partnerships and data sharing protocols would have the greatest impact in the fight against financial crime – rating it higher than increased fines or other regulatory levers.

Recent initiatives in places like the UK, Singapore, Canada, and Hong Kong have given further momentum to the conversation around data sharing, but a few issues remain. Firms are concerned with balancing data privacy obligations with information sharing objectives, even when legislation allows for public/private or private/private sharing. 

In the UK, the government has issued guidance on information sharing under the Economic Crime and Corporate Transparency Act, confirming that civil liability for confidentiality breaches is disapplied for regulated firms and acknowledging that firms had been concerned about this. The Information Commissioner’s Office, meanwhile, has had to remind firms that data protection compliance is no excuse for not sharing information where a financial crime threat exists. 

Clarity is needed so firms can act decisively. To balance the need for data privacy with the benefits of data sharing, you should ensure your anti-money laundering (AML) compliance software can demonstrate adherence to the General Data Protection Regulation (GDPR) or equivalent legislation. 

3. Collaboration within organizations remains important 

Amid a strong industry focus on information sharing, the importance of FIs’ internal collaboration should not be lost. 

When asked about their most significant barriers to implementing new or upgraded compliance software solutions, 53 percent of our survey respondents cited technological compatibility, while a similar figure mentioned concerns around their organization’s information security (InfoSec) policy. 

Again, you should seek out solutions that can be easily integrated into existing tech stacks, ideally with API-based integration, and ensure that teams within your organization are not working in siloes as a first step. 

“Compliance teams need to be working much more closely with their IT and Security teams, building those bridges, making sure you understand the needs of the other department and they understand your needs.” 

Iain Armstrong, Regulatory Affairs Practice Lead, ComplyAdvantage 

4. Balancing automation with transparency is crucial when investing in AI

With new regulations around FIs’ use of artificial intelligence (AI) on the horizon, firms and regulators are somewhat at odds. With new rules likely to set higher standards around transparency and accountability, 70 percent of the firms we surveyed said they had a good understanding of planned AI regulation. Yet a higher figure, 91 percent, expressed a willingness to compromise AI explainability for greater efficiency and automation. 

Whether this is due to gaps in firms’ true understanding of regulatory aims or pressure to get results that override regulatory concerns, the approach these results suggest is not only risky for firms, but unnecessary. There is a business case for explainable AI as well as a regulatory one: it can enhance operational efficiency, support continuous improvement in risk management, and increase client trust. 

The compliance landscape is used to hot-topic conversations around AI, with generative AI and agentic AI likely to be of continued interest in 2025. However, balancing explainability with efficiency is arguably a more important challenge for firms. You should make sure you can demonstrate the methodologies your AML solution uses to make decisions, where your data has come from, the existence of robust audit trails, and the fairness and accuracy of your AI models. 

Transparency will be key in your conversations with regulators, rather than assuming they will be suspicious of innovation. Given the recognition of AI’s transformative potential for compliance and the heightened regulatory scrutiny this brings, understanding the rules around its use will be essential.

The post 4 lessons for firms fighting financial crime in 2025 appeared first on ComplyAdvantage.

This article explores the AML fines issued in 2024, looking at the failings that caused them and highlighting areas firms should look to address. While some sectors received higher penalties than others, the most significant fines and the number of firms and industries to have paid them demonstrate the importance of maintaining an effective AML compliance program across all regulated sectors. 

AML fines in 2024

Several sectors were subject to significant regulatory action last year. While AML fines are normally issued several years after regulatory breaches occur, these were the most heavily fined sectors in 2024: 

1. Banking – $3.2 billion+ in fines 
2. Cryptocurrency – $86 million+ in fines 
3. Gambling – $69 million+ in fines 
4. Payments – $46 million+ in fines 
5. Trading and brokerage – $10 million+ in fines 

1. Banking – $3.2 billion+ in fines

Having received the second-highest AML fines in 2023, the banking sector saw a significant increase in penalties in 2024, with both large institutions and challenger or neo-banks receiving huge fines. In one high-profile case, a bank was fined billions of dollars by multiple regulators for several failings, including:  

• A failure to update its compliance program to update known risks, such as money being funneled into high-risk jurisdictions. 
• Failing to file suspicious activity reports (SARs) despite transactions having been red-flagged. This meant criminal groups, including drug and human traffickers, were able to move billions of dollars through the bank.  
• Filing delayed or misleading currency transaction reports (CTRs). 
• Not acting on red flags indicating employee involvement in financial crime. 

In the UK, two well-known challenger banks racked up almost $60 million in Financial Conduct Authority (FCA) fines between them: one for systemic problems with its sanctions screening solution and one for inadequate transaction monitoring processes. In two other cases, regulators mentioned a failure to carry out adequate due diligence on correspondent banking accounts as a reason for imposing large fines on institutions. Correspondent banking is often recognized as high-risk; the Financial Action Task Force (FATF), for example, recommends carrying out enhanced due diligence (EDD) on correspondent banking relationships. 

2. Cryptocurrency – $86 million+ in fines

In 2023, the cryptocurrency industry ranked first in our top AML enforcement actions list. Although the amount it has had to pay in fines dropped in 2024, several crypto firms still received large fines. In one case, a firm was fined tens of millions of dollars for deficiencies in its transaction monitoring system, which led to a failure to detect $9 billion in suspicious payments. 

Another firm, despite having already been fined billions of dollars in 2023, received two further fines in 2024 for reasons including a failure to report transactions over regulatory thresholds. Sanctions breaches and taking on high-risk customers without conducting the necessary due diligence checks were further regulatory breaches mentioned in other crypto AML enforcement cases. 

3. Gambling – $69 million+ in fines

As in previous years, Australian gambling and entertainment firms suffered significant AML fines in 2024. One company was ordered to pay in the region of $70 million for allowing high-risk customers to use its casinos to obscure their source of funds (SOF) and for failing to apply risk-based controls to customers. Another casino, based in the US, was found to lack even basic AML controls and failed to file SARs and CTRs. 

Meanwhile, in the UK, a well-known betting firm was fined for having ineffective know-your-customer (KYC) EDD checks relative to its AML risks, inadequate risk ratings, and failing to screen customers against sanctions lists. Other causes of AML gambling fines included: 

• Failing to report suspicious transactions linked to illegal betting. 
• Poor customer due diligence (CDD) checks, including an overreliance on third-party information. 
• Inadequate SOF checks. 
• A failure to apply transaction reporting thresholds and triggers. 

4. Payments – $46 million+ in fines 

The payments sector was missing from our 2023 fines roundup but has returned to this year’s list thanks to a large penalty for a fast-growing FinTech firm. The business was fined tens of millions of dollars for significant weaknesses in its AML compliance measures, which included a failure to properly consider how its services could be used for money laundering or terrorist financing. This serves as a reminder to carry out effective business-wide risk assessments and apply a risk-based approach to compliance. 

5. Trading and brokerage – $10 million+ in fines

Although the fines received by trading and brokerage firms last year tended to be lower than in other sectors, such as banking, the number of companies subject to regulatory action was enough to see the sector complete our list of 2024’s top AML fines. 

More than one firm, including a subsidiary of a leading European bank, was charged with failing to file SARs on time. Others were criticized by regulators such as the Financial Industry Regulatory Authority (FINRA) for an inability to monitor and detect suspicious transactions or for a lack of written AML policies and procedures. In one case, a firm was found to have inadequate fraud prevention measures, allowing criminals to open accounts using fake or stolen identities. 

Webinar: Navigating global risks, AI, and key regulatory milestones in 2025

Unpack the results of our global survey on what compliance leaders think will shape 2025.

Watch on demand

The AML violations with the biggest penalties

Across these sectors, several firms committed similar compliance failings, which led to regulatory enforcement action. Some of the most significant were: 

• Sanctions violations: As global sanctions regimes continued to expand in the wake of ongoing geopolitical conflicts, the importance of effective sanctions screening became clear. Fines ensued for firms doing business with sanctioned entities, with both deliberate and inadvertent breaches resulting in regulatory action. 
• Inadequate CDD: Risk-based due diligence is a cornerstone of compliance regimes worldwide. As in previous years, institutions that failed to apply the correct level of CDD, including EDD for higher-risk customers, were met with heavy monetary penalties. 
• Failing to adequately monitor transactions: Across all sectors, transaction monitoring was a key issue in 2024. Firms using solutions that did not pick up on suspicious transactions and therefore allowed their services to be used for criminal purposes suffered the financial consequences. 
• Improper SAR filing: Regulators punished firms that filed late or misleading SARs, or failed to file them at all. This underlines the importance of filing prompt and accurate reports and having appropriate transaction monitoring measures in place to support them. 

Recent and upcoming AML regulations to be aware of

Regulatory compliance is top of mind for many firms, who realise that rather than simply being a matter of checking the right boxes, audits can be time-consuming, resource-intensive, and potentially disruptive to business operations if firms aren’t properly prepared. In our latest global survey of compliance decision-makers, 55 percent cited completing a regulatory audit as one of their most significant challenges. 

A proactive approach, which includes anticipating legislative developments and understanding regulators’ expectations, is key to meeting compliance requirements efficiently. Below are some of the most important regulatory updates of 2024, and some upcoming changes you should look out for in the year ahead. The impact of recent and anticipated regulatory changes is explored in depth in our annual report, The State of Financial Crime 2025. 

Key changes in AML regulations in 2024

• European Union: The EU’s long-anticipated AML package was adopted in May. This included a new set of regulations harmonizing AML regulation and enforcement across member states, such as by mandating regular National Risk Assessments, new public supervisory bodies, and asset registers. As part of the package, a new Europe-wide regulator, the Anti-Money Laundering Authority (AMLA), has been set up. 
• United States: In August, the Financial Crimes Enforcement Network (FinCEN) tightened the regulatory obligations of real estate firms and investment advisers. 
• United Kingdom: Measures under the Economic Crime and Corporate Transparency Act (ECCTA) came into effect in March. These aimed to better protect Companies House, the UK’s business register, from fraudulent entities and to allow it to share information with law enforcement. Since October, payment service providers have had to reimburse victims of authorized push payment (APP) fraud up to £85,000. 
• Australia: The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act was passed in December. This extended regulatory oversight to designated non-financial businesses and professions (DNFBPs), such as lawyers and accountants, and updated CDD requirements.
• Singapore: The Anti-Money Laundering and Other Matters Act was passed, giving law enforcement greater powers to prosecute financial crimes and aligning the gambling sector’s regulatory obligations with FATF standards. 

Upcoming AML regulations in 2025

• United States: US-based firms should expect a resolution to the legislative back-and-forth over beneficial ownership reporting. From January 2024, the Corporate Transparency Act (CTA) required firms to submit information on their ultimate beneficial ownership (UBO) to FinCEN. However, a Texas judge deemed this “likely unconstitutional” in December and issued a nationwide injunction against the CTA. After initially granting an emergency stay of the injunction, the US Court of Appeals for the Fifth Circuit reinstated it in late December. The federal government has now applied to the Supreme Court, the highest court in the country, for a stay, and its decision will determine whether firms must complete UBO filings. 
• European Union: With its first chair appointed, AMLA will begin work in July. AMLA will coordinate national authorities to ensure the application of the EU’s AML framework and directly supervise certain high-risk firms operating across borders. Meanwhile, the Single Euro Payments Area (SEPA) Instant Credit Transfer (ICT) scheme will continue its expansion, with Turkey, Romania, Croatia, and Bulgaria all due to participate in 2025. 
• Australia: A new confirmation-of-payee system, which aims to prevent fraud by verifying payee details before transactions are completed, is expected to be rolled out by FIs early on in 2025.  
• Singapore: In mid-2025, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) will launch new electronic deferred payment systems (EDPs). This will support the country’s broader transition to e-payments, with corporate cheques gradually being phased out.  

How to avoid AML fines in 2025

As the size of some of the fines firms received demonstrates, AML failings can have a profound financial impact on firms. This is often compounded by the reputational damage these fines can cause. Consumers are less likely to do business with firms known for poor financial crime detection measures, with one study suggesting that global executives attribute 63 of their company’s market value to its reputation. 

To protect themselves from the immediate and long-term consequences of non-compliance, you should: 

• Enhance their customer screening measures to streamline onboarding processes while exceeding regulatory requirements. 
• Be able to access the latest sanctions, watchlist, politically exposed person (PEP), and adverse media data, ideally updated in real-time. 
• Implement a machine learning-powered transaction monitoring solution that can be configured based on risk appetites and automate parts of the SAR filing process. 
• Provide adequate training to compliance staff on AML requirements, including reporting obligations, conducting EDD, and following sanctions or asset-freezing measures. 

The post The biggest AML fines in 2024 appeared first on ComplyAdvantage.

To help answer this question, this article will cover:

• The importance of comprehensive data.
• The 9 key data types that, when viewed together, help paint an accurate risk picture.
• What “good” looks like in relation to these data types.
• The kind of insights that can be produced from them. 
• Key questions you can ask to assess a vendor’s data retention and governance capabilities.

Why does comprehensive data matter?

A main component of quality data is its comprehensiveness – not just the breadth and depth of information collected but also how seamlessly it integrates with other data points to enrich its information.  When viewed holistically, comprehensive data allows firms to construct a full, accurate picture of potential risk, turning disparate pieces of information into insights that allow analysts to make informed decisions. This integration is necessary for generating meaningful outputs, such as real-time risk scores, which empower firms to take a risk-based approach to alerts. 

On the other hand, gaps in data coverage can leave firms vulnerable. Missing or incomplete information may result in undetected instances of money laundering and regulatory breaches. For example, in 2023, a subsidiary of a major commercial bank was fined $25 million by the Financial Crimes Enforcement Network (FinCEN) for failing to fully integrate crucial customer data from the know your customer (KYC) process into its risk assessment and transaction monitoring systems. This data gap prevented the firm from detecting suspicious activity and filing suspicious activity reports (SARs) within the required timeframe.

Compliance failures like this often stem from siloed data and disparate platforms that fail to integrate various types of relevant AML data, a challenge identified as the major limitation for compliance leaders in our State of Financial Crime 2025 survey. In fact, the top three concerns revealed by compliance leaders were:

1. Siloed datasets (45 percent).
2. Lack of real-time visibility into risks (45 percent).
3. Comprehensiveness and/or quality of data (44 percent).

What are the main limitations to your organization’s current approach to financial crime detection?

These issues highlight a critical problem: the inability to connect high-quality data and quickly draw inferences from it.

If your firm is actively looking to combat this challenge, understanding which AML data types are essential to creating a comprehensive risk picture is a good place to start.

AML data types across key compliance stages

While various data types are often used across multiple stages of the AML process, the table below shows how nine different kinds of data relate to some of the larger compliance activities that occur throughout the client lifecyle. 

But what are the hallmarks of these data types? What does “good” look like in each case and what insights can typically be derived from the information provided? The next sections consider these questions in relation to each of the following:

1. Customer information.
2. Beneficial ownership information (BOI).
3. PEPs & RCA data.
4. Geographic risk data.
5. Sanctions & watchlist data.
6. Adverse media. 
7. Transaction data.
8. Behavioral data.
9. Historical data.

1. Customer information

Know your customer (KYC) regulations make up the foundation of AML compliance. The process begins with collecting accurate and comprehensive information directly from the customer. Without this initial step, the onboarding process may stall before it truly begins.

Key customer information typically includes:

• Full legal name.
• Date of birth.
• Residential address.
• Nationality.
• Occupation.
• Unique identification numbers (e.g., passport number, national ID).

Once this data is collected, your compliance team’s expertise comes into play. Meticulous verification of the provided information is essential to ensure its authenticity and identify any possible risk factors. In some cases, additional inquiries into the customer’s source of funds (SoF) or source of wealth (SoW) may be necessary to build a comprehensive risk profile. 

2. Beneficial ownership information (BOI)

Ultimate beneficial owners (UBOs) are individuals who ultimately own or control a company and benefit from its financial activity. However, identifying these individuals can be challenging due to complex ownership structures often designed to obscure their identities.

Key beneficial ownership information to collect includes:

• The nature and extent of ownership interest.
• The chain of ownership.
• Percentage of shares or voting rights held.
• Date when beneficial ownership was acquired.
• Details about intermediate entities.
• Relationships between different owners.
• Any trust arrangements.
• Indirect ownership structures.
• Customer’s authority to appoint or remove officers or directors.
• Other key decision-makers within the company.
  

The challenge lies not just in collecting this information but in interpreting it correctly. Your compliance team should be well-trained in recognizing red flags, such as unnecessarily complex structures or ownership chains that lead to high-risk jurisdictions. By thoroughly mapping out beneficial ownership, your team can better assess the risk associated with a business relationship and make informed decisions about customer onboarding and ongoing due diligence.

3. Politically exposed person (PEP) & relatives and close associates (RCAs)

Due to their prominent public functions, PEPs are considered higher risk for potential involvement in bribery, corruption, or money laundering. This risk often extends to their family members and close associates. Effective PEP and RCA screening requires comprehensive and up-to-date data. While the process can be complex, focusing on key elements can significantly enhance the quality and usefulness of PEP-related information. The hallmarks of “good” PEP data include:

• Detailed positional information: Understanding the specific nature of a PEP’s familial and professional connections provides the context needed for evaluating potential vulnerabilities and exposure to illicit activities. It’s also pivotal for targeted risk assessments.
• Data coverage: Effective PEP data management should encompass a wide range of sources and jurisdictions to ensure no critical information is missed. This includes global databases that are regularly updated to reflect new appointments, changes in status, and other relevant developments. 
• Transactional behavior analysis: Transactional behavior analysis involves monitoring the financial activities of PEPs to identify patterns that may indicate suspicious or illicit activities. This can include large or unusual transactions, frequent transfers to high-risk jurisdictions, or transactions that do not align with the PEP’s known sources of income.

4. Geographic risk data

Because some jurisdictions have comparatively weak AML/CFT legislation, are known to be offshore financial havens, or have high levels of corruption, drug trafficking, and other predicate crimes in money laundering, a potential customer’s location factors into their risk status. 

While there is no definitive global approach to identifying high-risk geographic locations, if an entity has ties to a jurisdiction that features on lists such as the Financial Action Task Force (FATF) ‘black’ and ‘grey’ lists, it is enough for it to be deemed higher-risk. 

Beyond FATF lists, your compliance team may consider data provided by:

• Transparency International’s Corruption Perceptions Index.
• The Basel AML Index.
• The Financial Secrecy Index.
• The prevalence of specific predicate offenses (e.g., human trafficking, drug production).

5. Sanctions & watchlist data

Staying on top of sanctions and watchlist updates is a critical yet increasingly challenging task for compliance teams. With new sanctions designations being introduced at a rapid pace, your ability to access accurate and comprehensive data is essential for maintaining compliance. However, not all sanctions data providers offer the same level of quality, and gaps in data can lead to significant risks.

High-quality sanctions data can be evaluated using several key factors:

• Accuracy: Error-free data is fundamental to effective compliance. Even minor inaccuracies can lead to missed sanctions matches or unnecessary false positives.
• Coverage: Comprehensive coverage across all relevant jurisdictions ensures no critical information is overlooked. This includes sourcing data from global sanctions lists and other watchlists that align with your firm’s geographic and customer profile.
• Currency: Access to up-to-date information is non-negotiable. Real-time updates to sanctions lists allow firms to respond quickly to new designations and reduce exposure to potential violations.
• Networks: Understanding the broader networks surrounding sanctions targets is increasingly important. Family ties, business relationships, and other connections can reveal attempts to evade sanctions through intermediaries or proxies.

The State of Financial Crime 2025

Packed with practical tips from our team of subject-matter experts, download our fifth annual report that explores the major trends and topics set to shape the year in compliance.

Download now

6. Adverse media

Adverse media information consists of negative news or content about individuals or organizations spread through various media channels. This includes:

• News articles highlighting financial irregularities, unethical practices, or scandals.
• Social media posts criticizing products, services, or individuals.
• Regulatory reports identifying violations of industry regulations.
• Legal filings alleging wrongdoing.
• Blog posts, forum discussions, and other online content related to financial crime or negative reputational issues.
• Government reports and court documents containing adverse information.
• Information from watchlists and blacklists.
  

However, when dealing with negative news screening, one of the main challenges analysts face is having to sift through vast amounts of data to identify relevant information. A major issue is the prevalence of irrelevant or noisy data. For example, searching for “Tiffany Palmer” on Google will generate over 70,000 results, even when using specific keywords like fraud or money laundering. Another challenge relates to keeping track of a customer’s risk information over time and assessing the quality and credibility of the data in question. 

Adopting a machine learning (ML) approach to adverse media screening can help combat these challenges, giving your team access to unstructured data that has been pre-analyzed, categorized, and consolidated into comprehensive profiles. However, as with every other screening process, acquiring high-quality, relevant, and diverse data is crucial for training effective ML models. While various datasets exist, solving specific AML problems often requires millions of carefully curated training examples. Not every data provider will have access to or utilize such extensive datasets. In contrast, vendors that leverage their own proprietary data can offer enriched insights.

7. Transaction data

Transaction data largely consists of information referring to:

• Account identifiers, such as customer account numbers, sort codes, and IBANs.
• Transaction details, including the transaction ID, type (e.g., debit, credit, transfer).
• The payment rail used for the transaction (e.g., ACH, FedNow, SEPA ICT). 
• Amount.
• Currency.
• Date and timestamp.
• Balance information.
• Counterparty information, including the merchant name or payee details.
• Where available, information about where the transaction took place.
  

The Financial Action Task Force (FATF)’s recommendations emphasize the importance of capturing all relevant transaction data, including the originator’s and beneficiary’s details, to improve traceability. To ensure all information is complete for your risk analysis, make sure your teams are monitoring the quality of the transaction data they receive and are trained on the appropriate action to take when essential details are missing.

8. Behavioral data

While transaction data provides the raw facts of financial activities, this data alone may not reveal the full picture of potential money laundering activities. Behavioral information, on the other hand, adds crucial context by analyzing patterns and trends in customer activities over time. Behavioral data typically includes:

• Transaction patterns.
• Account usage.
• Changes in behavior.
• Peer group comparison.
• Network analysis.
• Device and channel information.
  

When behavioral data patterns are analyzed, your team can then craft customized rulesets that align with your specific customer base and risk appetite. These tailored rules enable more accurate detection of suspicious activities while reducing false positives. For example, TransferMate was able to work with ComplyAdvantage to tailor-make a rule that would detect key behavioral indicators for child sexual exploitation. Additionally, after receiving key updates from law enforcement in the field, they were able to immediately refine the rule and account for behaviors indicating abuse of younger victims. With other solutions, making the change could have taken six months or more.

9. Historical data

Historic data in AML screening is essentially a longitudinal view of customer interactions and financial activities over an extended period of time. It provides a consolidated, time-based perspective that allows compliance teams to:

• Establish long-term behavioral baselines.
• Identify gradual changes in customer financial patterns.
• Understand cumulative risk indicators.
• Track the evolution of a customer’s financial profile over time.

Historic data is also vital during audits and regulatory investigations as it essentially acts as a log of your team’s decisions. 

What is data retention in AML, and why is it important?

In AML compliance, “data retention” refers to the practice of storing customer-related data for a specified period of time. As well as providing evidence for any investigations, data retention also allows firms to monitor and analyze activity for potential money laundering or terrorist financing.

Depending on the jurisdiction in which your firm operates, the period of time companies have to retain customer data can vary. For example:

• The Money Laundering Regulations (MLRs) in the UK require CDD documents to be kept for at least 5 years from the date on which the transaction has completed or the business relationship has come to an end.
• The Fourth AML Directive of the European Union mandates a minimum retention period of five years for personal data. However, it allows for an additional retention period of up to five years (totaling 10 years) if provided for under local legislation, but only if necessary for prevention, detection, or investigation of money laundering or terrorist financing.
• Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) requires firms to retain CDD and transaction records for seven years from the date of the transaction or the end of the customer relationship.

Strong data retention practices help ensure your team can meet its regulatory requirements, conduct effective investigations, and maintain accurate records for long-term compliance. Some key questions you can ask to assess a vendor’s data retention and governance capabilities include:

1. How do you maintain the accuracy, security, and integrity of retained data over time?
2. Can your system scale to accommodate increasing volumes of data as our organization grows?
3. What tools or processes could you provide to help us access historical data quickly for audits or investigations?

Maximize compliance efficiency with global AML data coverage 

ComplyAdvantage is one of very few RegTech providers to hold its own financial crime risk data, alongside the software and UI layers. This means firms can access their full AML stack from one provider – no need to purchase data separately.

As a specialist in financial crime, we are experts in providing the sanctions, PEPs and adverse media data compliance teams need. Chartis’ latest analysis of the KYC Data market showed us as the sole ‘best-of-breed’ vendor, reflecting our specialist expertise in financial crime risk intelligence. Specifically, we were the only firm to receive best-in-class scores in both the ‘sanctions and watchlist data’ and ‘negative news and PEPs’ categories.

The post The essential guide to AML data: 9 key data types that drive smarter decision-making appeared first on ComplyAdvantage.

This article explores the trends you need to know about, including likely sanctions targets and areas where jurisdictions will work together. It also outlines how to minimize your firm’s sanctions risk exposure in 2025. 

Key sanctions developments in 2025 

1. US to ramp up pressure on China 

2024 was a year of controlled tension between China and the West. The US, and allies like the EU and the UK, issued several sanctions and export controls on China, mostly in response to its development of advanced technology and its support for Russia and Iran. However, these were applied only gradually, and the US chose not to target Chinese banks facilitating Russian sanctions evasion.

In response, China played a “double game” by issuing export controls on dual-use goods with military applications. While these limited the supply of technology to the West, they also restricted exports to Russia, which could be read as a sign that China was willing to assuage US concerns over its relationship with Russia.

All this will likely change as Trump tries to correct what he sees as economic imbalances resulting from China’s trade practices. While he will turn to tariffs initially, precedent suggests a wave of sanctions will follow. The US will also take a harder line on Chinese financial support for Russia’s military efforts in Ukraine – partly to force Russia into an agreement but also to drive a wedge between the two countries. 

Governments across the EU, UK, Canada, and other jurisdictions will follow the US’s lead; expect more designations of Chinese firms and secondary sanctions against smaller Chinese banks. In contrast, anticipated Chinese counter-measures to this firmer position will cause conflicts of interest in firms with both Eastern and Western interests.

2. Russia sanctions continue to create challenges 

With no end to the war in Ukraine in sight, sanctions regimes against Russia will continue. So far, these have aimed to reduce Russian access to the international financial system, limit the supply of goods used in arms production, oil shipping, and logistics, and freeze the assets of Russian individuals.

However, they have encountered problems in their implementation, including loopholes that allowed targets to find workarounds, ineffective enforcement, and “shadow” markets for commodities like Russian oil. In 2025, making sanctions work better will be just as much of a priority as designating new entities. 

Sanctions will continue, with new rounds to come from the EU, UK, and the US: President Trump has already threatened to increase sanctions on Russia if a peace deal is not reached. Having seen their enforcement criticized, governments and regulators will try to change the narrative in 2025. One of their priorities will be to reduce loopholes for evasion, including secondary sanctions on third countries and enforcement actions against individuals facilitating sanctions evasion.

Meanwhile, for as long as the war continues, Russia will continue to seek ways to evade sanctions using third countries and FinTech. If you work in the payment services or crypto-asset service sectors, you should pay special attention to the risks you face.

Webinar: Navigating global risks, AI, and key regulatory milestones in 2025

Join our expert panel as they unpack the results of our State of Financial Crime 2025 report.

Watch on demand

3. Middle Eastern sanctions in flux 

A host of US sanctions on Iran target its funding of groups such as Hamas and Hezbollah. Most of these funds derive from Iran’s “shadow” economy, where the profits of illicit oil sales are used to purchase sanctioned goods. 2024 saw Western attempts to tighten sanctions against Iran’s shadow trade and its ongoing efforts to procure commodities like advanced technology on the international market. 

Further US sanctions on Iran and its proxy groups can be expected in 2025l. Whereas the US has also previously taken action against Israeli extremist settler groups, these measures have been rescinded since Trump’s return to office.

As of January 2025, ceasefires have been agreed between Israel and both Hamas and Hezbollah. The prospect of these turning into a more permanent peace, however, seems remote. Further conflict – a likely possibility with the new US administration willing to take a light-touch approach with Israel’s government  – would lead to greater sanctions against Iran and its proxies by the US’s allies, regardless of its origins. 

Since international payments are the lifeblood of the Iranian shadow economy, payment service providers (PSPs) should pay particular attention to sanctions updates. If you work for a PSP (whether fiat- or cryptocurrency-based) with exposure to trading intermediaries, logistics firms, small FIs, or charities in Middle Eastern or East Asian markets, you should review your risks.

4. North Korean loopholes to close

Relations between the West and North Korea remain difficult, thanks to the latter’s military support for Russia. An investigation by The Financial Times and the Royal United Services Institute, for example, suggested Russia was paying for munitions by supplying North Korea with oil over UNSC sanctions limits. 2024 designations responded to North Korea’s weapons proliferation program and illicit funding networks, including cryptocurrency thefts reportedly carried out by hackers working abroad as IT specialists. In 2025, we will likely see more of the same.

However, current sanctions regimes against North Korea are already extensive, and there are few remaining financial levers to pull. Further designations will probably target the Russian end of the arms-for-oil trade and the involvement of third-country entities: the next step for Western countries is to target clandestine North Korean networks in China, dovetailing with the new US administration’s hardline stance towards Beijing. 

While dramatic changes are unlikely, countries with less extensive sanctions regimes will fill the gaps with designations matching longstanding US measures. Any new US designations will focus on firms and intermediaries used for evasion in China, Hong Kong, the UAE, and Southeast Asia.

How to ensure sanctions compliance in 2025 

Faced with multiple developments across a fast-changing global sanctions landscape, advanced, reliable sanctions screening solutions remain paramount for FIs. 

However, in our survey of compliance leaders for The State of Financial Crime 2025, 43 percent cited a limited ability to screen against sanctions lists as their biggest compliance problem.

What are the main limitations to your organization’s current approach to financial crime detection?

Organizations at the forefront of sanctions compliance are prioritizing:

1. Ensuring access to real-time data

Quickly changing designations mean real-time sanctions screening has become more important than ever. Delays in receiving accurate sanctions data mean you risk inadvertently trading with sanctioned entities and incurring regulatory enforcement. A solution that checks customers and supply chain partners against automatically refreshed data is the most efficient way to guard against this risk.

You should also ensure your due diligence processes can draw on other data, such as politically exposed person (PEP) or adverse media information, for the widest possible coverage.

“To insulate your firm from sanctions risks, you must have robust but flexible ongoing customer due diligence, drawing on the best risk information available. This means not only up-to-date sanctions and PEP lists but also adverse media information that can help identify high-risk counterparties not yet designated by governments.”

Andrew Davies, Global Head of Regulatory Affairs, ComplyAdvantage 

2. Identifying third-country risks 

The likelihood of governments and regulators attempting to crack down on Russian and North Korean sanctions evasion via secondary sanctions has put third-country risks into the spotlight. This means FIs need to factor these into their risk assessments and take appropriate steps to mitigate any threats. 

“You should continue existing good practices on name and transaction screening. At the same time, you should pay attention to the risks of sanctions evasion through third countries, taking a proactive approach to identifying risks in your client base through due diligence reviews of high-risk clients.” 

Iain Armstrong, Regulatory Affairs Practice Lead, ComplyAdvantage 

High-risk clients include small or medium-sized import/export firms operating in locations with ties to sanctioned countries. In addition to conducting effective screening, your transaction monitoring should be appropriately calibrated to identify unusual commercial or financial behavior patterns based on evolving crime typologies.

3. Planning ahead for changes

To ensure your organization’s risk management frameworks are fit for purpose, you should be able to implement or adapt new policies as soon as new sanctions are enacted.

This means you should review any risks you might face from direct or correspondent relationships with entities likely to be sanctioned at some point and prepare responses for any future measures against them before they happen. US firms, for example, should have policies for designations of Chinese banks they have relationships with. 

The key here is conducting comprehensive risk assessments and using agile platforms that can react quickly to global developments. When screening or monitoring transactions, use customized rulesets that can be flexibly applied to different customer segments based on your risk appetite and the sanctions challenges you are likely to face.

The post 4 sanctions trends to watch for in 2025 appeared first on ComplyAdvantage.

The shipping sector’s cross-border operations, complex supply chains, and high transaction volumes and values make it vulnerable to various financial crime threats, including money laundering, terrorist financing, and sanctions evasion. Given these challenges, you must ensure you have effective anti-money laundering and countering the financing of terrorism (AML/CFT) measures in place to protect themselves and ensure regulatory compliance. 

Financial crime risks affecting the shipping industry 

Trade-based money laundering 

Criminals have become increasingly sophisticated at using the complex mechanisms of international trade to launder money. Trade-based money laundering (TBML) involves manipulating the contents of shipments and invoices to move illicit funds through the global trade system and disguise them as the proceeds of a legitimate business. 

TBML works by artificially transferring or retaining value from shipments. It occurs in several ways, from forging trade documents to misclassifying commodities. Common examples include:

• Over-shipment, or sending more goods than stated in shipping documents, to transfer value to the importer. 
• Under-shipment, or sending fewer goods than stated, allowing the exporter to retain the extra value. 
• Over-invoicing, so the exporter receives more money than the actual value of the shipment.
• Under-invoicing, so the importer receives goods worth more than what they have paid. 
• Submitting multiple invoices for the same shipment. 

Because it happens across multiple jurisdictions and involves several parties, TBML can sometimes be difficult to track, making it a significant risk for shipping firms. According to the Financial Action Task Force (FATF), TBML red flags include: 

• Complicated or opaque corporate structures, including the use of shell companies. 
• Companies registered at addresses that are apparently used for mass registration. 
• Vague descriptions of commodities on invoices and contracts. 
• Prices that do not align with typical market values.  

TBML poses a growing threat across the financial landscape: in our State of Financial Crime 2025 survey, 51 percent of global compliance leaders identified it as one of their top financial crime concerns. 

From the list below, what financial crime typologies is your organization concerned about in the next 12 months?

Sanctions evasion 

Governments impose sanctions on countries, businesses, or individuals to punish violations of international law. Because sanctions often restrict the movement of goods across international borders, if your business operates in the maritime sector, you must pay them particular attention to avoid breaches. Deliberate or accidental sanctions violations can result in severe civil and criminal penalties. 

Sanctions that are particularly relevant to the shipping industry are: 

• Import and export embargoes: These ban buying or selling specific goods from or to a designated entity. Arms embargoes, which prevent the trade of weapons or dual-use goods, are a common type of trade restriction. 
• Transport sanctions: These restrict the movement, registration, or ownership of specific vessels, including ships and aircraft. They are often imposed on vessels or operators carrying goods on behalf of sanctioned entities. So-called ‘dark’ or ‘shadow’ fleets have become a significant issue in relation to Russian sanctions evasion, with the UK government introducing sanctions against ten ships belonging to an illicit fleet trading Russian oil in September 2024. 

To avoid facilitating sanctions breaches, APAC shipping businesses should stay updated on the latest sanctions lists, including Singapore’s Targeted Financial Sanctions, Australia’s Consolidated List, and Japan’s economic sanctions list. 

The complexity of the sanctions landscape poses particular problems for the shipping sector. These include: 

• Evolving sanctions lists: Many jurisdictions update their sanctions lists extremely regularly, which means you should ensure their sanctions data is constantly up to date to avoid trading with sanctioned entities. 
• Establishing beneficial ownership: Obtaining information on a vessel’s ultimate beneficial ownership (UBO) can be difficult. Each vessel operates under the flag of its country of registration but may be operated by a firm located elsewhere and owned by an entity in yet another jurisdiction. This can make establishing control of vessels difficult, especially when corporate structures are exploited to disguise ownership. 
• Convoluted supply chains: Shipping requires vessels to move goods through various handlers and locations. This gives criminals opportunities to manipulate shipping information or exploit regulatory differences between countries. It also means you must understand who they are doing business with to avoid exposing themselves to risk. 

Third-party risks 

In practice, shipping companies rely on several parties to complete trades and transactions. This means they risk interacting with businesses or vessels acting on behalf of sanctioned entities or criminal groups seeking to launder money. This complicates compliance procedures by requiring them to screen a range of individuals and entities for money laundering, terrorist financing, and sanctions risks, including suppliers, traders, distribution centers, vessel captains, insurance companies, and crewing companies. 

The involvement of third parties also exposes firms to the wide range of shipping fraud typologies that occur across the industry. These can include criminals posing as official personnel to collect goods, misdirecting goods while in transit, or double brokering (when a carrier collects payment for moving a shipment but subcontracts the job to a third-party carrier at a profit). In recent years, a string of cases involving shipping container scams have been reported across the industry, with fraudsters estimated to make over $2000 for every fake container sold. Shipping fraud disrupts supply chains and leaves businesses out of pocket for lost or stolen goods. 

The State of Financial Crime 2025

Read our fifth annual state-of-the-industry report, built around a global survey of 600 senior compliance decision-makers.

Download your copy

How you can mitigate your financial crime risks

These risks may seem challenging for the APAC shipping sector, especially given the additional time, resources, and labor costs they imply. However, aided by appropriately trained staff and specialist compliance software, you can adapt to the changing financial crime landscape without compromising your business operations by adopting these best practices: 

• Conduct due diligence on all customers and suppliers: Your firm should have strong know your customer (KYC) and know your business (KYB) processes in place. These involve gathering and verifying key identifying information about an entity, including its beneficial owner(s). As part of their due diligence obligations, you should use this information to assess the risk level of every business relationship they undertake and base your compliance procedures on these risks (as well as their risk appetite). 
• Tailor compliance strategies to local regulations: The shipping sector’s cross-border nature calls for flexible compliance solutions rather than a one-size-fits-all approach. You should ensure you are up to date on your regulatory obligations and be able to apply different rulesets across your AML/CFT screening and monitoring to avoid both the dangers of non-compliance and the inefficiencies of over-compliance. 
• Enhance screening with automation: When conducting due diligence, use a variety of screening tools – not only for sanctions, but also for adverse media and politically exposed person (PEP) status. Combining screening tools can create a comprehensive view of any entity’s risk; adverse media stories, for example, can sometimes alert compliance teams to risks not reflected in official sources. Screening software that leverages artificial intelligence (AI) to automatically scan for updates can reduce compliance costs and risk exposure. 
• Continue to monitor business relationships: You should carry out ongoing monitoring of partners, vendors, and customers to ensure you remain alert to any changes affecting their risk levels. As with screening, this should be done continually using automated monitoring systems, rather than periodically with manual checks. 

Integrated AML/CFT solutions for shipping firms 

Given that shipping companies in the APAC region face various compliance risks, from sanctions compliance to shipping fraud, they should use specialized compliance software capable of carrying out essential due diligence checks. 

Singapore-based firm Hafnia began using ComplyAdvantage’s screening software after searching for a solution that matched the needs of their large global operation. Since then, the software’s insights and ease of use have significantly enhanced their screening capabilities. 

“We previously had trouble getting people across the shipping industry to comply and ensure transparency, especially when it came to obtaining UBO data. […] But with ComplyAdvantage, the simplicity of the search functionality has made it easy to onboard people and explain the necessity of client references and ongoing monitoring.” 

Sinclair Coghill, Manager, Compliance and Executive Projects, Hafnia 

ComplyAdvantage Mesh Customer Screening combines a cutting-edge risk screening solution with market-leading proprietary data so you can: 

• Get updates in real-time: ComplyAdvantage’s data is sourced straight from regulators and refreshed using automated systems, so you receive updates well ahead of competitors. 
• Detailed risk intelligence: Access more than just names on sanctions lists with sanctions-related data that shows entities related to or controlled by sanctioned individuals and businesses. Go beyond the minimum expected by regulators and ensure compliance with true, in-depth insights. 
• Process case decisions efficiently: Customer profiles are integrated and viewable on a single screen, allowing analysts to swiftly access all the information they need to make informed decisions. 

The post Financial crime risks for APAC shipping firms and how to mitigate them appeared first on ComplyAdvantage.

This article outlines the data privacy and security work that underpins the ComplyAdvantage Mesh platform. It is designed to provide an overview of our security credentials that compliance leaders can share with IT and information security stakeholders, enabling them to focus on the core compliance capabilities and value-adds ComplyAdvantage offers that will help them improve the efficiency and efficacy of their compliance program. 

The role of data privacy and security in financial crime compliance

While every RegTech vendor will need to meet key data privacy and security requirements to credibly offer services to customers, the nature and history of their technology stack play an important role in the ease with which they can deliver the best possible data protection.

ComplyAdvantage’s software stack is cloud-native, running largely in short-lived containers that are regularly recycled and updated, making them harder to attack. In addition to effective automation procedures, we have a dedicated InfoSec team that provides security training to our engineers and regularly reviews our processes. 

AML regulations on data privacy and security 

Whereas AML regulations are typically set at the national level or by a regional body such as the European Union, data security and data privacy standards are often international. The key requirements many firms will look to be certified against are:

• ISO 27001: This international security standard provides a framework for “establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” It is designed to help companies protect key information assets and comply with legal and regulatory requirements.
• SOC 2: While ISO 27001 and SOC 2 overlap, some analysts have argued that SOC 2 takes a more flexible approach, built around five key criteria: security, availability, processing integrity, confidentiality, and privacy. 
• GDPR: The General Data Protection Regulation is an EU law, but its scope and the breadth of the bloc’s coverage means it has implications for global firms. It also applies to firms processing EU citizens’ data, even if the company is not in the region. GDPR provides extensive guidance on how personal data should be handled and the consent firms need to get before using this data. Fines for non-compliance can reach 20 million Euros or 4 percent of global revenue, whichever is higher. 
• OAuth 2.0: Short for “open authorization,” this standard is designed to allow a website or application to access resources hosted by other web applications on behalf of a user. It is the industry standard for online authorization.
  

How ComplyAdvantage Mesh approaches data security and privacy

The ComplyAdvantage Mesh platform meets these core global security standards, offering a number of certifications and capabilities, including:

• ISO27001 compliance.
• SOCII compliance.
• OAuth2 is built into our REST API.
• GDPR-compliant solutions and data handling practices.
• Encryption at rest.
• Encryption in transit.
• The ability to separate and segregate data geographically.
• Identity authentication.
• Single sign-on (SSO) across a range of identity providers.
• Configurable passwords.
• Configurable roles-based permissions.

Find out more about ComplyAdvantage Mesh by reading the other articles in the series:

• Case management
• Insights and data
• Software integration
• Risk scoring

The post Data privacy and security essentials in ComplyAdvantage Mesh appeared first on ComplyAdvantage.

This article explores common challenges with dynamically assigning a customer risk rating that we encounter in our conversations with customers and outlines how risk scoring in the ComplyAdvantage Mesh platform solves these challenges. 

What is AML risk scoring?

An AML risk score refers to the level or category assigned to customers based on various potential factors. These may include a customer’s country of residence, profession, or the products they are using. To be truly effective, risk scoring must be dynamic, as a customer’s level of risk may rise and fall over time based on new information or behavioral changes.

How does effective risk scoring help with AML compliance?

When implemented effectively, customer risk scoring helps compliance professionals prioritize the greatest potential threats to their business. For example, a high-risk customer will likely require greater due diligence and a review by more senior analysts or team leads. By contrast, lower-risk clients may present risk signals that can be analyzed more quickly or in bulk with other similar cases. An AML risk scoring model can also automatically filter out prospective clients at onboarding who present an unacceptable level of risk to the business, again saving valuable analyst time. 

Common challenges in implementing risk scoring for AML

When we talk to financial institutions about AML customer risk scoring, common challenges include a lack of risk scoring altogether, overly manual risk scoring, or the tools built for risk scoring being designed in-house. Behind these challenges sit several factors:

• The time taken to develop risk models—in some cases, teams have taken more than three months.
• An inability to prioritize or allocate compliance resources efficiently.
• Risk decisions are based on subjective judgments rather than data.
• An inability to monitor and detect risk changes among an existing customer base. 
• Applying a one-size-fits-all approach that disregards risk levels.
• A failure to segment customers based on their risk levels.
• Human errors, data losses, and/or a lack of integration.
• The lack of a targeted approach to identifying, assessing, and mitigating risk.  

AML risk scoring models: The ComplyAdvantage solution 

The ComplyAdvantage Mesh platform offers highly configurable risk scoring so firms can build models specific to the risks of their organization and the particular products and services they offer. Here’s how it works: 

An important part of dynamic risk scoring is the weighting of different factors. Age, country of residence, profession, etc., are all important but may not be considered equal factors. This is how the Mesh platform allows compliance leads to weigh their risk scores, using the hypothetical example of John Smith. Mr Smith was born on January 1, 2000, in Italy.

The diagram above shows that Mr Smith is given a ‘low’ AML risk score using the example attribution model. 

Best practices for implementing an effective AML risk scoring with ComplyAdvantage

Underlying this risk model approach are five core principles that have shaped the development of our risk-scoring solution:

1. A fully automated process. Manual elements will cause risk scores to become outdated, with risks slipping through the cracks and low-risk customers facing a disproportionate level of due diligence.
2. Minimal levels of coding required. Ideally, compliance teams should be able to build and adapt risk models without engineers’ support. The need for custom coding will add costs and reduce the speed at which updates can be made.
3. The ability to link customer reviews back to the business-wide risk assessment. Factors such as country, professional, product, channel, and more should be included in alignment with the firm’s overall risk-based approach. This is especially important when weighing the importance of individual risk factors. 
4. Flexible workflows that ensure, for example, that prospective customers with prohibited statuses are automatically skipped at onboarding. Automatic workflows also enable firms to quickly onboard customers where no results are shown and prioritize cases that sit in between where an analyst needs to assess the level of risk. 
5. Scores and methodologies are easily visible and explainable. In addition to assessing customers at the micro-level, macro-level reporting via dashboards helps firms assess risk at the customer population level and supports teams in meeting their regulatory requirements. 

Why does ComplyAdvantage Mesh offer dynamic AML risk scoring? 

Risk scoring in the ComplyAdvantage Mesh platform has been built with the needs of compliance leaders in mind. The diagram below shows how risk scores are updated. 

The categories firms can configure in their risk-scoring models are aligned with the business-wide risk assessment:

• Basic information
• Screening
• Geography
• Product
• Channel 

Scores and weightings can be set across all these categories. In addition, Mesh offers: 

• Total automation, with risk scoring enabled via API.
• Unlimited risk models.
• Insightful reporting to help firms understand how customers contribute to overall business risks.
• Customer support and guidance to enable firms to build models based on industry best practices.

Find out more about ComplyAdvantage Mesh by reading the other articles in the series:

• Case management
• Insights and data
• Data security
• Software integration

The post How to implement effective, dynamic financial crime risk scoring with ComplyAdvantage Mesh appeared first on ComplyAdvantage.