Anti-money laundering under pressure: Payments leaders face rising threats

23 September 2025
by Payments Intelligence

What is this article about?

Escalating money laundering and terrorist financing risks in the European payments sector and the regulatory pressures they create.

Why is it important?

Systemic weaknesses, regulatory scrutiny, and criminal innovation are reshaping compliance expectations and exposing institutions to greater risk.

What’s next?

Payment institutions must strengthen AML/CFT frameworks, adopt effective regtech solutions, and treat compliance as a strategic advantage rather than a burden.

Payment institutions across Europe face mounting pressure as money laundering (ML) and terrorist financing (TF) risks reach unprecedented levels. UK firms are navigating particularly complex challenges as they balance domestic innovation with continental compliance requirements. The latest European Banking Authority (EBA) risk assessment reveals that 70% of competent authorities across the EU report high or increasing ML and TF risks in the fintech sector, highlighting systemic challenges that transcend national boundaries.

The data suggests a fundamental shift in the risk landscape, where rapid growth may not have been accompanied by robust anti-money laundering (AML) and combating the financing of terrorism (CFT) controls, with some fintech providers prioritising customer acquisition over compliance. This trend affects institutions throughout Europe, though UK firms face additional complexity as they operate across multiple regulatory frameworks following Brexit.

Enforcement data demonstrates the growing regulatory scrutiny across all jurisdictions: minor breaches more than doubled from 2020 to 2024 and increased by 40% between 2022 and 2024. 61% of breaches across all sectors were caused by customer due diligence shortcomings. The Financial Conduct Authority (FCA) has mirrored this trend with increased supervisory actions, while UK institutions with European operations must simultaneously meet evolving standards across multiple jurisdictions.

"The adoption of a risk-based AML framework that also includes terrorist, proliferation financing and emerging threats, real time analytics and a streamlined KYC/CDD process are all important elements that preserve efficiency, ensure effectiveness while still allowing for innovation. Striking such balance is challenging but possible with relevant expertise, training, international risk typology information sharing and resource allocation. 

"Compliance is no longer just about avoiding fines; it’s about earning trust in an environment of increasing financial crime sophistication.  PIs can facilitate this by clever deployment of dynamic risk scoring and use of biometric ID verification to enhance onboarding speeds and reduce onboarding friction. Further use of AI tools to reduce false positives as part of screening practices and TM alerts will reduce operational issues at both onboarding and on an ongoing basis."

"Good compliance makes good business sense, but it's never one size fits all. Payment institutions should choose RegTech suppliers they can work closely with, offering flexibility rather than rigid solutions. The EBA findings highlight that collaborative partnerships and adaptable technology selection, rather than pure innovation, determine successful compliance outcomes."

"Some of the key challenges include navigating the evolving risk landscape, shaped by technological advances and a dynamic business environment. Oversight of intermediaries, agents, outsourced and third-party providers presents difficulties. Equally, effective onboarding, ongoing customer screening, and transaction monitoring are critical, as weaknesses undermine detection of suspicious activity. Embedding strong governance, clear risk awareness, and keeping pace with changing laws across jurisdictions remain essential for effective local and cross-border compliance."

Technology-driven risk evolution challenges all providers

Between 2022 and 2024, the number of licensed or registered crypto asset service providers has multiplied by 2.5 to reach 2,525 at the end of 2024, while traditional payment institutions increasingly integrate crypto-adjacent services to remain competitive.

64% of competent authorities highlight exposure to cybercrime, including cyber-enabled fraud, as an important vulnerability (up from 39% in 2023). While 55% point to complex internal arrangements, such as widespread reliance on outsourced services provision, as a significant or very significant ML or TF risk. These trends affect institutions throughout Europe, though different business models create varying exposure levels.

Cross-border complexity has become further-reaching, with 86% of competent authorities considering the risk associated with cross-border transactions to be significant or very significant. UK institutions, traditionally strong in international payments, have leveraged this expertise to maintain competitive positions despite Brexit-related operational changes.

52% of competent authorities identify transaction monitoring deficiencies, while 48% highlight customer due diligence measure failures (up from 34% in 2023). The findings suggest systemic issues rather than jurisdiction-specific problems, with 52% of competent authorities citing an overall lack of understanding by institutions of ML/TF risks associated with their fintech products and services (up from 35% in 2023).

Virtual infrastructure creating pan-European vulnerabilities

The EBA’s analysis reveals that almost a quarter of competent authorities for payment institutions highlight that vIBANs can obscure the identity of account holders. Competent authorities of credit institutions are more concerned with distinguishing between payments received through virtual and traditional current accounts.

The complexity escalates with multi-layered arrangements. “Cascading vIBANs”—where a PSP provides its customers with vIBANs generated by another institution—are considered very significant risks by competent authorities in both sectors. This affects institutions throughout Europe, though those with extensive international operations face disproportionate exposure.

White labelling arrangements present sector-wide challenges. Ninety percent of competent authorities who currently assess ML/TF risks associated with white labelling rate these risks as medium or high. Yet nearly half of all competent authorities do not assess this risk adequately, potentially due to limited awareness of the extent of white labelling in their Member State.

The number and complexity of EU sanctions measures create challenges for financial institutions, as sectoral restrictive measures cannot be implemented through standard sanctions screening tools. The EBA database documents 109 material weaknesses related to restrictive measures submitted by 20 competent authorities between 2022 and 2024, indicating widespread implementation challenges rather than isolated failures.

Criminal innovation is outpacing defensive measures

Financial crime is becoming increasingly sophisticated, with criminals using Artificial Intelligence (AI) to automate money laundering schemes. Perpetrators are using AI to generate fake documents, simulate legitimate operations, and utilise deepfake technologies to evade customer due diligence (CDD) measures.

The ‘2024/2025 EBA Consumer Trends Report‘ identifies payment fraud as the most significant issue for EU consumers, while fraud risk has grown sharply from 33% agreement in March 2023 to 52% in March 2025.

More than half of all submissions to the EBA’s EuReCA database suggest that serious compliance failures were due, at least in part, to the improper use of AML/CFT regtech. The authority identified 277 material weaknesses linked to issues involving regtech technologies across financial institutions in 2023 and 2024.

The 10-second execution rule limits the time available for checks, making it challenging to identify and stop unusual transactions before completion. This affects all providers offering real-time payment services, regardless of their domestic market focus.

35% of competent authorities observed an increasing crossover in services between crypto asset service providers and e-money institutions, and crypto asset service providers (CASPs) and payment institutions for the conversion of cryptocurrency to fiat currency and vice versa, creating spill-over risks into other sectors that affect the entire payments ecosystem.

Sector-wide compliance deterioration demands response

The EBA’s analysis reveals that the number of less significant residual risks in payment institutions went down from 16% in 2021 to 6% in 2024. The number of significant risks increased from 53% in 2021 to 56% in 2024. This trend suggests systemic rather than isolated challenges.

While credit institutions tend to have CDD policies and procedures in place, they often fail to apply them effectively, and payment institutions frequently struggle with resource constraints. Deficiencies in the effectiveness of ongoing monitoring were identified in credit institutions, e-money institutions, bureaux de change, collective investment undertakings/fund managers, and investment firms, indicating sector-wide implementation challenges.

Supervisory intensity has increased across all jurisdictions. There has been a 41% increase in off-site reviews from 2022 to 2024, with regulators across Europe adopting more intrusive supervision approaches. This reflects growing recognition that traditional oversight methods require enhancement to address evolving risks.

TF controls show particular weaknesses across all sectors. Between 2022 and 2024, 62 material weaknesses related to TF risk were reported, with almost half involving the lack of a sufficiently robust methodology for assessing TF risks. The data reveal that financial institutions did not adequately distinguish between ML and TF risks in their business-wide risk assessments.

Strategic adaptation drivers

Forward-thinking institutions across Europe are developing sophisticated compliance frameworks that balance regulatory requirements with operational efficiency. Regtech solutions offer significant benefits in the fight against financial crime. Helping streamline workflows, create dynamic risk profiles and enable institutions to manage large data volumes efficiently, though implementation requires careful consideration.

Deployment requires avoiding common pitfalls. Fifty-five percent of competent authorities consider that outsourcing of regtech poses a significant or very significant risk, while 46% assess risks related to the use of automated solutions without adequate safeguards as significant. This suggests that technology selection and governance, rather than pure innovation, determine outcomes.

Enhanced due diligence frameworks are evolving to address modern threats. The EBA emphasises the importance of distinguishing between targeted financial sanctions against terrorism and the detection of TF, with detection being just as, if not more, important than targeted sanctions. Leading institutions are developing integrated approaches that address both traditional and emerging risks.

Resource allocation strategies reflect changing supervisory expectations. Levels of supervisory engagement have increased across all sectors, with competent authorities highlighting a significant number of targeted and thematic inspections. Institutions that regard enhanced supervision as an opportunity for competitive differentiation achieve better outcomes than those that treat it solely as a compliance burden.

Looking ahead

The regulatory landscape continues to evolve rapidly, with growing awareness of ML/TF risks, although the effectiveness of AML/CFT systems remains uneven. Underscoring the need for continued regulatory clarity and a more consistent application of risk-based approaches across the EU financial sector. Institutions that successfully adapt to these requirements will gain competitive advantages through superior risk management capabilities and enhanced customer trust.

The transformation represents both challenge and opportunity, with market leadership increasingly determined by compliance excellence rather than pure innovation. Those institutions that integrate robust risk management into their core business strategies are positioned to thrive in this new regulatory environment.