.svg)
2025 was a significant year for anti-money laundering/counter-terrorism financing (AML/CTF) enforcement worldwide, with regulators imposing hefty penalties for non-compliance.
As our H1 2025 Enforcement Outlook states, financial penalties are still the enforcement tool of choice for regulators globally and enforcement measures span the full breadth of the financial ecosystem.
From the traditional high street banks to neobanks and cryptocurrency exchanges, we saw a coordinated global effort to both regulate emerging sectors and uphold established compliance standards across the traditional financial services industry
The marked increase in regulatory action reflects intensified scrutiny of whole-cycle transaction-monitoring frameworks and digital asset platforms, driven by a volatile geopolitical landscape and the growing complexity of cross-border financial flows.
North America
- In February 2025, the US Department of Justice (DOJ) levied a fine of more than $500m against the crypto exchange OKX for failures in AML/Bank Secrecy Act (BSA) compliance. In January 2025, the DOJ had imposed a fine estimated at $297m on crypto exchange KuCoin for similar violations.
- In October 2025, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) issued a CAD176.9m ($128.5m) AML fine to Xeltox, operator of Cryptomus, another crypto exchange.
Despite high-profile political signals such as deregulatory rhetoric and pro-industry appointments associated with the Trump administration, North American regulators continue to demonstrate that enforcement expectations around financial crime controls are non-negotiable, setting the tone for 2026.
Recent large-scale penalties against crypto exchanges signal that although governments in the region support innovation and responsible crypto adoption, regulators are continuing to raise the cost of non-compliance.
They have demonstrated that they are prepared to use sanctions including substantial monetary penalties to enforce robust governance, reporting, and risk management standards.
The crypto industry will not be exempt from these standards, and will be expected to demonstrate levels of governance and support commensurate to the scale and complexity of their services.
Asia-Pacific
- In July 2025, the Monetary Authority of Singapore (MAS) imposed penalties totalling SGD27.45m ($21.45m) on nine financial institutions (six banks, two investment firms and one licensed trust) for breaches of its AML/CTF requirements.
- In July 2025, the Hong Kong Monetary Authority fined three banks a combined HKD16.2m ($2.08m) for significant AML and CTF deficiencies.
Across the Asia-Pacific region, regulators have signalled a heightened emphasis on the integrity of identification and response frameworks across the entire transaction-monitoring lifecycle.
In both Singapore and Hong Kong, the majority of enforcement actions stemmed from deficiencies in these areas, with Singaporean authorities citing failures in the timely and effective handling of post-suspicious transaction activities.
These findings underscore a regulatory expectation that extends beyond data retention alone, with firms increasingly required to evidence a holistic control environment.
This means demonstrating not only comprehensive records of customers and transactions, but also a clear, defensible understanding of how risks are identified, assessed and categorised by their systems.
These should exist alongside well-governed escalation and remediation processes that ensure appropriate follow-through.
Europe
- In November 2025, Germany’s Federal Financial Supervisory Authority (BaFin) fined J.P. Morgan SE €45m for systemic AML reporting failures – the largest AML penalty ever imposed by that authority.
- In July 2025, the UK’s FCA fined Monzo more than £21m for widespread AML control deficiencies, including failures in customer onboarding and monitoring.
- In April 2025, the Bank of Lithuania imposed a €3.5m fine on Revolut Bank UAB, the neobank’s Lithuanian-based entity, for significant deficiencies in its AML controls – the largest ever penalty issued by the central bank.
Enforcement activity across Europe has two particularly salient themes: the unprecedented scale of financial penalties and the heightened regulatory scrutiny directed at challenger banks.
Notably, both Germany’s BaFin and the Bank of Lithuania imposed their largest-ever AML fines during the year, even in the absence of confirmed instances of money laundering.
The marked escalation in penalty amounts reflects regulators’ growing recognition of the expanding revenues and cross-border footprints of multinational financial institutions, as well as a clear willingness to calibrate sanctions accordingly.
Beyond the financial impact, regulatory attention has increasingly converged on digital-first banks, with institutions such as Revolut and Monzo coming under sustained examination.
European and UK authorities have raised concerns around accelerated customer onboarding models, citing the potential for control weaknesses inherent in rapid growth strategies.
This proactive stance signals an intention to intervene early, mitigating emerging risks before they materialise into systemic failures.
As a result, both new market entrants and established challengers are expected to remain under close observation throughout 2026, with firms required to maintain comprehensive historical and current records to substantiate compliance and withstand regulatory audits.
2026 regulatory focus
The growing adoption of instant payment systems and blockchain-based transactions has materially increased the complexity of real-time transaction monitoring.
In response, regulators worldwide are placing heightened expectations on firms to ensure that their control frameworks and risk identification mechanisms evolve in step with technological advancement.
The scale of recent enforcement actions not only underscores regulators’ determination to hold financial institutions to account, but also reflects a broader commitment to addressing the risks posed by increasingly sophisticated and diverse business models.
In the coming year, we expect the scrutiny on emerging players such as challenger banks and cryptocurrency exchanges to continue. Such firms will be required to demonstrate particular rigour in the design and operation of their compliance programmes, or face increasingly harsh penalties.
Organisations should focus on maintaining robust, end-to-end oversight of transaction lifecycles, supported by clearly documented processes for both risk identification and post-suspicious transaction investigation and remediation – across historical and current activity alike.
Firms are encouraged to have clear escalation pathways beyond enhanced monitoring, support cross-sharing of information across business units to prevent bad actors from taking advantage of information asymmetry within the firm, and ensure that staff are adequately trained to identify material red flags.
Conversions were made against exchange rates as of January 6, 2026.
