Introduction to Anti-Money Laundering Regulations
Written by: Tom Devlin
Anti-Money Laundering (AML) regulations are a collection of laws and standards that prevent criminals from exploiting financial systems. AML is critical in the financial sector to stop illicit money flows, which can involve drug trafficking, corruption, fraud and terrorist financing. The impact of money laundering is far-reaching as it undermines economic stability and erodes trust in governments and institutions. There are international standards and best practices to help coordinate global efforts against money laundering. Compliance with AML regulations is vital to prevent serious financial crimes, avoid enforcement actions, protect an institution's reputation and maintain customer trust.
In this guide, you will learn the fundamentals of money laundering, the global regulatory landscape, the role of emerging technologies and the best practices to meet AML compliance requirements.
Anti-Money Laundering Regulations: 2025-2026 Updates
Money laundering occurs when criminals exploit the financial system to hide the origins of criminally obtained funds. Although the methods used vary in complexity, they usually follow these three steps.
EU AMLA (operational in 2026)
The EU’s new AML Authority (AMLA) began operations in 2026, introducing centralised supervision and improving cross-border coordination across member states.
FinCEN BOI rollback
FinCEN confirmed a rollback of beneficial ownership reporting requirements, significantly shifting earlier AMLA 2020 expectations around corporate transparency in the United States.
FATF stablecoin risk updates
FATF highlighted increasing money laundering risks linked to stablecoins, urging stronger oversight of virtual asset service providers and cross-border crypto transactions.
6AMLD implementation progress
EU member states continue implementing 6AMLD, with varying progress across jurisdictions, aiming to harmonise enforcement and strengthen criminal liability for financial crimes.
FinCEN private fund rule delay
FinCEN delayed AML requirements for investment advisers to January 2028, giving firms additional time to prepare for expanded compliance obligations.
What is Money Laundering?
Money laundering occurs when criminals exploit the financial system to hide the origins of criminally obtained funds. Although the methods used vary in complexity, they usually follow these three steps.
Placement - This is where illicit funds first enter the financial system through transactions, purchases and transfers. Large sums are usually divided into smaller sums. These may be deposited into a number of different accounts to avoid suspicion.
Layering - After the funds have entered the financial system, criminals disguise their origins. The funds are moved around to hide the trail and this can involve many transactions across different entities and countries.
Integration – The final step involves the laundered money entering the legitimate economy, allowing criminals to spend it without raising suspicion. This can be done through a bank transfer or selling investments/assets. The funds now appear legitimate and can be used.
Money Laundering Schemes
Examples of money laundering schemes include but are not limited to:
Shell Companies – These inactive companies are not trading and have no tangible assets or operations. Launderers use these companies to move funds through to hide their origin. Shell companies may "buy" and "sell" products or services to each other to conceal the origin of the funds.
Cryptocurrencies – Virtual assets such as Bitcoin are less regulated than traditional cash and therefore criminals have been exploiting them to launder ill-gotten funds. Some crypto assets allow for almost total anonymity, making it difficult for authorities to trace transactions.
Trade-Based Money Laundering (TBML) - This scheme exploits the complexities and divergences in international AML regulations and laws and involves moving funds across different countries. Multiple individuals and entities are usually involved in this process, and fake invoices and misclassification of goods are often used.
Who Regulates Anti-Money Laundering Globally?
There is cooperation across countries to prevent the global flow of illicit funds. Several organisations align AML standards and work towards setting effective practices. They include:
FATF (Financial Action Task Force) - Founded in 1989, it leads global action to tackle money laundering and terrorist financing and issues recommendations through its member countries for effective AML measures. It assesses the strength of a country's AML/CFT framework based on specific criteria.
FATF Recommendations Explained
The FATF Recommendations are a set of 40 international standards that guide countries in preventing money laundering, terrorist financing, and other financial crimes. They form the foundation of most national AML regulations and are used to assess the effectiveness of a country’s compliance framework. The 40 recommendations cover:
-
Customer due diligence
-
Beneficial ownership transparency
-
Transaction monitoring
- International cooperation
Basel AML Index
The Basel Institute of Governance publishes the Basel AML Index, an independent ranking that evaluates the risks of money laundering and terrorist financing across jurisdictions. Data is sourced from the FATF and other bodies such as the World Bank.
United Nations Office on Drugs and Crime (UNODC)
A United Nations Office that leads international initiatives against drug crime, international terrorism and political corruption. It provides technical assistance and policy guidance.
Egmont Group
This voluntary group made up of 177 financial intelligence units (FIUs) that share intelligence to prevent money laundering and terrorist financing.
Wolfsberg Group
This association of 12 global banks helps to develop frameworks, guidance and best industry practices for the prevention of financial crime in the private sector. The group aims to raise standards across the industry and ensure the private sector plays a pivotal role in the battle against financial crime.
AML Regulations Around the World
| Region | Key Regulators | Core AML Laws/Frameworks | Key 2026 Updates |
| UK | Financial Conduct Authority (FCA), HMRC, NCA | Money Laundering Regulations 2017 (as amended 2023) | Increased FCA enforcement activity; focus on KYC controls and transaction monitoring effectiveness (e.g. recent fines across retail banking sector) |
| EU | European AML Authority (AMLA), European Banking Authority (EBA) | 4th, 5th, 6th AML Directives (AMLD) | AMLA operational in 2026, introducing centralised supervision and enhanced cross-border coordination |
| US | Financial Crimes Enforcement Network (FinCEN) | Bank Secrecy Act (BSA), Anti-Money Laundering Act 2020 | FinCEN rollback of Beneficial Ownership (BOI) reporting requirements; ongoing focus on enforcement and transparency reforms |
| APAC | MAS (Singapore), AUSTRAC (Australia), HKMA (Hong Kong) | Country-specific AML frameworks aligned to FATF | Increased regulatory focus on digital assets and cross-border payments; Australia progressing major AML reforms |
| Middle East | MENAFATF, VARA (UAE), SAMA (Saudi Arabia) | National AML laws aligned with FATF | Rapid regulatory development, particularly around virtual assets and financial crime frameworks in UAE and GCC |
AML Regulations in the United States
The Bank Secrecy Act (BSA) of 1970 mandates banks and other financial institutions with record-keeping and reporting requirements to promote financial transparency and prevent money laundering. The Anti-Money Laundering Act of 2020 (AMLA 2020) introduced significant reforms aimed at modernising the U.S. AML framework, including expanded whistleblower protections, increased penalties, and a stronger focus on beneficial ownership transparency. However, recent developments have shifted the regulatory landscape.
In 2026, FinCEN confirmed a rollback of certain Beneficial Ownership Information (BOI) reporting requirements, marking a notable change from earlier expectations under AMLA 2020. While the move reduces some reporting burdens, regulators continue to emphasise the importance of transparency and robust customer due diligence (CDD) processes.
AML Regulations in the European Union
The 4th, 5th, and 6th Anti-Money Laundering Directives primarily oversee AML measures in the European Union. The 4th directive introduced critical concepts such as following a risk-based approach and improving KYC (Know Your Customer) standards. The 5th directive expanded requirements to digital currencies and prepaid cards while enhancing reporting requirements for beneficial ownership. The 6th directive aimed to avoid regulatory divergence between member states and mandated greater accuracy in beneficial ownership registers.
The European Banking Authority (EBA) is an independent agency that oversees and enforces AML/CFT compliance across member states. It aims to ensure consistent implementation of anti-money laundering regulations across states and to improve cooperation. A significant development in 2026 is the introduction of the European Anti-Money Laundering Authority (AMLA), which represents a shift towards more centralised AML supervision across the EU. AMLA has been established to enhance consistency in regulatory enforcement, improve cross-border cooperation, and directly supervise high-risk financial institutions.
AML Regulations in the UK
In the UK, AML regulations are enforced through The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. These regulations implement the EU directives and the most recent amendment was made in 2023. The Financial Conduct Authority (FCA) enforces the AML/CFT framework and provides regular guidance and conducts regular assessments of compliance.
In recent years, the FCA has taken a more proactive and enforcement-led approach to AML supervision. This includes increased scrutiny of firms’ customer due diligence processes, transaction monitoring systems, and overall risk management frameworks High-profile enforcement actions have highlighted the consequences of weak AML controls. For example, major fines issued to UK financial institutions have been linked to deficiencies in onboarding processes, inadequate monitoring, and failures to address known risks. These cases underscore the importance of maintaining robust, scalable AML frameworks that can adapt to evolving regulatory expectations.
AML Regulations in Asia-Pacific (APAC)
In the Asia-Pacific region, major economies like Singapore, Australia and Hong Kong have established robust AML frameworks that broadly align with the Financial Action Task Force (FATF) recommendations. These are overseen by the Hong Kong Monetary Authority (HKMG), AUSTRAC in Australia and the Monetary Authority of Singapore (MAS).
Recently, regulators across APAC have increased their focus on emerging risks, particularly in digital assets, cross-border payments, and fintech innovation. Australia, for example, is progressing significant reforms to expand its AML regime, while Singapore and Hong Kong continue to strengthen oversight of virtual asset service providers (VASPs).
AML Regulations in the Middle East and Africa
The Middle East has seen enhanced AML measures through regional initiatives like the Middle East and North Africa Financial Action Task Force (MENAFATF). In Africa, the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) promotes regional cooperation source.
At a national level, regulators such as the UAE’s Virtual Assets Regulatory Authority (VARA) and the Saudi Central Bank (SAMA) are introducing more robust frameworks, particularly in relation to digital assets and cross-border financial activity.
Who Must Comply with Anti-Money Laundering Regulations?
Financial Institutions
Financial institutions such as banks, building societies, credit unions and insurance companies are prime targets for criminals as they handle large volumes of cash transactions and complex international transfers. They provide an avenue for money launderers to 'clean' their illicit funds and these institutions are often exposed to high-risk customers. As a result, financial institutions must comply with stringent regulations to ensure that systems are not exposed to financial crime threats. 
Non-Financial Businesses
Non-financial sectors can also be at risk of financial crime. Real estate is a common target for criminals as property sales enable them to move large sums and it can be challenging to trace the true origin of funds, especially when dealing with complex ownership structures. The gambling industry is also targeted as it manages a large cash flow. Both physical and online casinos can be at risk. Trading high-value goods carries similar risks because luxury items can be bought with laundered cash and then resold.
Professionals
Professionals such as lawyers and accountants are often targets for money laundering due to their roles in creating trust accounts, managing funds and structuring financial transactions. Lawyers can also be directly involved in the creation of shell companies, while accountants can potentially miss suspicious transactions during audits. The confidential nature of their work makes it more challenging to detect illicit financial transactions.
Trust and Corporate Service Providers (TCSPs)
TSCPs are involved in setting up corporate structures and trust accounts and, therefore, are vulnerable to money laundering risk, especially since these structures can be complex and for offshore clients. The FATF has provided specific recommendations for TSCPs to minimise money laundering risk.
Emerging sectors: Cryptocurrency and Fintech
Emerging sectors like cryptocurrency and fintech have caught the attention of criminals. Cryptocurrencies can facilitate anonymous transactions, making it challenging for regulators to monitor. The rise in fintech has improved customer experience and allowed for frictionless payments, even across borders. However, the speed of these technologies also increases the risk of money laundering and regulators need to adapt quickly to stop criminals exploiting loopholes.
What are The Key AML Compliance Requirements?
Customer Due Diligence (CDD
Customer due diligence involves collecting and verifying customer information to ensure its accuracy. Through KYC Screening, some customers may be identified as "high-risk" if they are at a higher risk of being exposed to corruption or if they are a politically exposed person (PEP). In this case, enhanced due diligence such as PEP screening is needed, involving additional monitoring and a deeper investigation to confirm the legitimacy of the information given.
Ultimate Beneficial Ownership (UBO)
Ultimate beneficial ownership (UBO) refers to the individual who controls or owns an asset or business, even if it is legally owned by a separate entity or person. Identifying UBOs is critical to promoting corporate transparency and accountability, performing thorough customer due diligence (CDD), and mitigating the risks of enforcement action from regulatory authorities.
Know Your Customer (KYC)
Know Your Customer (KYC) describes the specific processes and procedures that financial institutions must follow to confirm the identity of their customers. This includes requirements for original identity documentation and proof of address. Verifying these documents helps to prevent financial crime by having a transparent profile of customers and enabling an organisation to quickly spot red flags.
AML Risk Assessment
An AML risk assessment is the process of identifying, evaluating, and mitigating the risk of money laundering within an organisation. It enables firms to apply a risk-based approach, ensuring that resources and controls are proportionate to the level of financial crime risk they face. By conducting regular AML risk assessments, organisations can proactively identify vulnerabilities, strengthen compliance frameworks, and reduce the likelihood of regulatory breaches or financial crime exposure.
Suspicious Activity Reporting (SAR)
Suspicious Activity Reporting (SAR) is critical for AML/CFT compliance. It requires institutions to report all unusual or suspicious activities. These can include high-volume cash transactions without a clear origin, frequent transfers to high-risk jurisdictions, unusual patterns of transactions and inconsistent customer information. SARs must be filed by a firm's nominated officer within 30 days of detecting suspicious activity. Submission requires a detailed report reviewed by senior compliance officers and directed to the relevant authorities.
Record Keeping Requirements
AML regulations require firms to retain records such as transaction details, client identities and due diligence documentation for a period of five to seven years. These records help maintain transparency, support investigations and identify patterns that uncover financial crime. To meet AML compliance requirements and reduce the need for constant KYC remediation, these records need to be regularly updated.
AML Training and Auditing
Firms must ensure their staff have adequate training to ensure they are aware of the latest money laundering regulations and are clear with their specific responsibilities. Regular audits are required to assess a firm's effectiveness of existing controls and identity any gaps. These audits verify that the right procedures and protocols are being followed and correctly documented.
The Role of AI and Technology in AML Compliance
The emergence of new technologies such as cryptocurrencies and fintech has led to AML regulations needing to adapt to new threats. Both technologies allow for quicker transactions, making them susceptible to financial crime. Institutions have needed to adapt to this new regulatory landscape, ensuring their controls can deal with the unique threats posed by these technologies.
As money laundering regulations become more stringent, firms are having to deal with increased AML compliance requirements. RegTech solutions have emerged to streamline these operations and allow firms to scale their compliance, with automated KYC software that reduces manual effort, such as the rekeying of data. Often, these activities are cumbersome and can reduce staff morale. RegTech solutions, such as client onboarding KYC software or AML KYC screening, can free up staff to focus on commercial objectives, and as a result, compliance can be seen as an enabler of growth.
Technologies such as Machine Learning and AI are being utilised by these solutions to analyse large datasets and flag suspicious activity. The use of blockchain technology may also impact AML efforts and increase transparency as a decentralised ledger provides a record of transactions that cannot be tampered with.
One of the biggest challenges in AML compliance is the high volume of false positives generated by traditional monitoring systems. AI and advanced analytics help reduce unnecessary alerts by improving risk scoring and contextual understanding of customer behaviour. This allows compliance teams to focus on genuinely suspicious activity, improving efficiency and reducing operational costs.
As the use of AI in compliance grows, regulators are placing greater emphasis on transparency, accountability, and explainability. Firms are expected to demonstrate how their models make decisions, ensure data quality, and maintain appropriate human oversight. While AI offers significant benefits, it must be implemented within a robust governance framework to meet regulatory expectations.
For the latest emerging trends shaping AML regulations and solutions, view our latest AML outlook report.
How to Implement AML Compliance (Step-by-Step)
Implementing anti-money laundering (AML) compliance requires a structured, risk-based approach that aligns with regulatory expectations while remaining scalable as an organisation grows. The following steps outline the core components of an effective AML compliance framework.
-
Conduct a Risk Assessment
Begin by identifying and evaluating your organisation’s exposure to money laundering risk. This includes assessing customer types, geographic regions, products, and transaction behaviours to determine where vulnerabilities may exist. -
Establish AML Policies and Controls
Develop clear internal policies, procedures, and controls tailored to your risk profile. These should define how your organisation manages customer due diligence (CDD), transaction monitoring, and reporting obligations. -
Implement Customer Due Diligence (CDD)
Verify customer identities and assess their risk level during onboarding. Higher-risk customers may require enhanced due diligence (EDD), including additional checks, specialist politically exposed person screening and ongoing monitoring. -
Monitor Transactions and Detect Suspicious Activity
Put systems in place to monitor customer activity and flag unusual or high-risk behaviour. This enables early detection of potential money laundering and supports timely investigation. -
Report Suspicious Activity
Ensure processes are in place to escalate and report suspicious activity to the relevant authorities in line with regulatory requirements. This includes maintaining accurate and timely records. -
Train Staff and Maintain Awareness
Provide regular AML training to ensure employees understand their responsibilities and can identify potential red flags. A well-informed team is critical to effective compliance. -
Review and Update Regularly
AML compliance is not static. Regularly review your risk assessments, policies, and controls to ensure they remain effective and aligned with evolving regulations.
Best Practices to Meet AML Compliance
Establishing a Strong Internal Compliance Programme
Firms should prioritise creating a culture of compliance. This includes appointing a dedicated compliance officer who develops, implements, and enforces AML policies appropriate for the organisation's risk profile. Internal controls must be sufficiently robust, and regular audits should be conducted to mitigate financial crime risks and check that existing processes are effective. Suspicious activity reporting can be streamlined with a transparent approach and clear escalation procedures.
Regular Risk Assessments and Updates to AML Policies
AML policies must adapt to new requirements and changing organisational risk profiles. Regular risk assessments allow them to proactively identify threats and areas for improvement. By updating policies regularly, organisations can ensure their compliance processes are sufficiently robust, reducing the risk of regulatory exposures, AML failures, or fines.
Cooperation with Regulators and Ongoing Staff Training
Cooperating with regulators enables firms to remain informed about evolving regulatory expectations. Having direct communications with regulatory bodies means that firms can be proactive about specific changes to requirements. It is also vital to have regular comprehensive AML training to ensure that staff are aware of the latest financial crime tactics, reporting protocols, and specific compliance requirements. A well-trained team is vital to acting as the first line of defence in money laundering and terrorist financing prevention.
Leveraging External AML Compliance Consultants
Specialist AML knowledge is not always available internally. Establishing partnerships with external AML compliance consultants allows for independent assessments, during which an organisation can gain insights on best practices and procedures. Having this objective perspective is essential for improving internal compliance programmes.
AML Enforcement and Penalties: Recent Examples
Recent enforcement actions highlight the increasing regulatory focus on AML compliance and the consequences of weak controls. Financial institutions across the UK and globally have faced significant fines for failures in customer due diligence, transaction monitoring, and risk management frameworks.
Nationwide
Nationwide was fined £44 million for failures in its AML controls, including weaknesses in transaction monitoring and financial crime risk management. Find out the FCA’s findings, the specific gaps that led to severe enforcement action, and the key lessons for financial institutions, in our latest report.
Monzo
Monzo received a £21 million fine due to deficiencies in customer onboarding and inadequate due diligence processes. Rapid growth without sufficient compliance controls was identified as a key risk factor. Our report breaks down the specific AML gaps identified, and the missteps that led to severe enforcement action.
Conclusion
Institutions must stay ahead of fast-evolving AML/CFT regulations to protect their customers, safeguard their reputations and prevent financial crime. As regulations become more stringent, businesses should look to emerging RegTech solutions to streamline their operations, maintain compliance, and deliver effective customer lifecycle management.
Contact KYC360 today if you need assistance managing AML/CFT obligations in your organisation.