Vixio's Lesson Learned: Ukraine Signals Continued AML Enforcement Intensity in 2026

In a clear indication that Ukraine is gaining momentum in its fight against financial crime regarding anti-money laundering (AML) failures, the National Bank of Ukraine (NBU) announced the issuance of seven enforcement actions in December 2025 against a diverse range of financial institutions. 

The enforcement actions were: 

• JSC MIB was fined UAH13.515m (approximately €270,000).
• Forward Finance was fined UAH340,000 (approximately €6,800).
• Ev.Ro Lombard was fined UAH595,000 (approximately €11,900).
• Clearing House was fined UAH200,000 (approximately €4,000).
• Motor Bank was fined UAH200,000 (approximately €4,000).
• Oschad Bank was fined UAH5.5m (approximately €110,000).
• Tascom Bank was fined UAH10m (approximately €200,000). 

These measures were imposed for various AML deficiencies, notably failures in customer due diligence, including enhanced due diligence for politically exposed persons (PEPs), inadequate internal AML policies and procedures and a failure to assign high-risk categorisation to clients subject to sanctions. 

Announced on January 6, 2026, the timing of these enforcement actions at the outset of the year provides early insight into the NBU’s supervisory focus for 2026. Despite the ongoing conflict, the measures indicate that regulatory expectations in the AML area have not been relaxed. Instead, supervisory attention appears to remain firmly focused on rigorous compliance and risk management standards. 

When looking at Vixio’s Horizon Scanning data regarding enforcement activity in Ukraine for the whole of 2025, there is a clear scaling of activity in the second half of the year. It is particularly evident in relation to AML enforcement, when the issuance of these seven enforcement actions in December made up the majority of enforcement activity, illustrating AML compliance is becoming a more important supervisory focus for the NBU going into 2026. 

The bigger picture

Set against Ukraine’s sensitive economic and financial landscape, these enforcement actions illustrate how the ongoing conflict has materially altered the country’s AML risk profile, particularly in the financial services sector and why supervisory tolerance for control weaknesses has narrowed rather than eased. 

Since the start of the conflict in 2022, Ukraine has seen an increase in cross-border payments linked to humanitarian aid, donor funding, military-related procurement, remittances from displaced persons and emergency financial support from international partners. At the start of this year, the NBU stated that, in 2025, 595.1m payments were made through the instant payment system (SEP) for a total amount of UAH273.6trn (approximately €5.47trn). Compared with 2024, this was a 23 percent increase in the number and a 13.5 percent increase in volume. At the same time, restrictions on cash usage, reliance on digital payment channels and the need to maintain operational continuity under crisis conditions have increased the volume, speed and complexity of transactions flowing through the financial system. These dynamics amplify exposure to money laundering, sanctions evasion and the misuse of the payment infrastructure, making effective AML controls a critical pillar of financial stability rather than a purely compliance-driven obligation. 

The NBU highlighted specific deficiencies in the enforcement actions, showing how these AML weaknesses are interconnected and can lead to other compliance failures and exposure to risk. Where institutions fail to conduct adequate customer due diligence, including enhanced due diligence for PEPs, this in turn directly impairs an institution’s ability to assess heightened risks when establishing new business relationships or monitoring existing ones. 

At the same time, inadequate sanctions screening and the failure to assign high-risk classifications to sanctioned or high-risk clients not only weakens firm-level controls but also undermines Ukraine’s ability to enforce international restrictive measures, which are central to the broader geopolitical response to the conflict. 

As a result of unclear procedures, insufficient escalation mechanisms and limited staff guidance, the effectiveness of frontline controls decreases, leading to inconsistent application of risk-based measures. These shortcomings create a “domino effect”, with one deficiency triggering another, which could then lead to another and more with potentially escalating and impactful consequences. 

In an environment of conflict, such weaknesses can translate into systemic vulnerabilities. The NBU’s enforcement actions can be seen as a conscious effort to reinforce institutional accountability and ensure that AML controls function effectively in practice, not merely on paper. 

As Ukraine attempts to move closer to European Union (EU) integration, the NBU’s actions show a commitment to ensuring accountability and transparency. At the EU level, the policy stance on financial crime is hardening, with the adoption of a comprehensive AML package that tightens requirements across the financial sector. 

For Ukraine, convergence with these standards is more than a formal alignment exercise. In November 2025, the deputy minister of finance for European integration stated that the Ministry of Finance pays special attention to the further development of AML policy, as it is an important condition for Ukraine’s European integration and the foundation of national and global financial security. Demonstrating strong AML controls strengthens confidence among European partners, supports continued access to international financial assistance and enhances the country’s attractiveness to investors. The European Commission has acknowledged Ukraine’s progress in tackling money laundering, stating that the country has demonstrated an impressive capacity to deliver reforms, even during wartime. 

Lessons learned 

Although the specific breaches vary across institutions, the underlying deficiencies are recurring and interdependent. Firms operating in Ukraine, or in other high-risk jurisdictions, can draw the following lessons to strengthen their AML frameworks and avoid similar enforcement actions.

1. Risk-based approach from board oversight to frontline execution

• Board and senior management should:

1. Approve and document AML risk appetite that explicitly reflects wartime financial flows, elevated sanctions exposure, increased PEP risk and the reliance on digital and instant payment channels.
2. Ensure that the risk appetite is reviewed at least annually and following material changes in the operating environment.
3. Challenge whether reported risk ratings align with actual exposure, rather than historic assumptions.

• Compliance and AML teams should:

1. Conduct and document a comprehensive AML risk assessment that covers products, delivery channels, customer types and sanctioned jurisdictions. This should explicitly address conflict-related risks.
2. Translate risk assessment outcomes into customer risk scoring methodologies.
3. Ensure that sanctioned and high-risk customers are automatically escalated and cannot be misclassified as medium or low risk.

• Frontline and customer-facing teams should:

1. Apply customer risk classifications consistently at onboarding and during periodic reviews (ongoing monitoring).
2. Escalate deviations between customer behaviour and assigned risk ratings. 

2. Customer due diligence (CDD) and enhanced due diligence (EDD)

• Compliance and AML teams should:

1. Maintain clear, step-by-step CDD and EDD procedures aligned with the Law of Ukraine “On Prevention and Counteraction to the Legalisation (Laundering) of Proceeds of Crime, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction” and any further NBU guidance.
2. Define mandatory EDD triggers in internal policies or procedures, including PEP status (including family members and close associates), sanctions exposure and high-risk jurisdictions or sectors.
3. Ensure EDD measures go beyond formal identification and include the source of funds, the source of wealth and the transaction rationale.

• Frontline and customer-facing teams should:

1. Create questionnaires for high-risk clients which are regularly reviewed and updated when circumstances change.

• Internal audit teams should:

1. Test whether the EDD requirements are applied in practice, not just stated in policy.
2. Sample high-risk and PEP files to assess the quality and consistency of the information that is collected. 

3. Sanctions screening and restrictive measures

• Compliance and AML teams should:

1. Implement clear sanctions screening procedures which include real-time screening where relevant, escalation thresholds and the decision-making authority.
2. Ensure that sanctions screening outputs feed directly into risk classification and control measures.
3. Regularly test screening tools against the updated sanctions list.

• Payments teams should:

1. Ensure sanctions alerts are reviewed promptly and escalated appropriately.
2. Prevent processing transactions where the sanctions status is unclear or unresolved.
3. Document decision-making processes for audit and supervisory review. 

4. Regulatory reporting and data quality

• Reporting teams should:

1. Ensure the timely and accurate submission of threshold transaction reports, internal audit findings, suspicious activity reports (SARs) and other documentation requested by the NBU or relevant authority.
2. Implement robust controls to ensure SARs are complete and consistent with transaction data, avoiding template-driven reporting.
3. Maintain documentation demonstrating how data is compiled, reviewed and approved. 

Conclusion

Although the precise regulatory framework, supervisory authority or risk profile may differ across markets, the underlying principles revealed by the NBU’s actions are universally applicable. Enforcement actions in one jurisdiction can therefore provide valuable insight into supervisory expectations elsewhere, particularly as global standards continue to converge. 

Such enforcement actions also demonstrate how weaknesses in one part of the AML framework can undermine the system's effectiveness as a whole. 

Looking ahead, the NBU is likely to maintain its focus on AML as a core pillar of financial system integrity following escalating enforcement actions throughout 2025, aligning with the global focus on AML governance. The NBU could be expected to issue further guidance clarifying AML expectations, on how to effectively implement AML controls in practice and how to go beyond the legislative requirements as demonstrated in its recent guidance on approaches to shell companies. As Ukraine aims to move closer to EU integration and aligns with FATF recommendations, cooperation with EU bodies and international partners regarding influencing frameworks and information sharing can be expected. 

The EU’s strengthening of its AML framework and introduction of the Anti-Money Laundering Authority provide an important contextual backdrop to this enforcement trajectory. Both EU reforms raise expectations around supervisory and governance consistency, with AML effectiveness becoming a key test of supervisory credibility. For Ukraine, where EU accession remains a priority, demonstrating credible AML enforcement can be perceived as an indication that it is ready to align with EU standards and FATF recommendations. 

Firms that treat enforcement outcomes as cautionary case studies, rather than isolated events, will be better placed to strengthen governance and improve control effectiveness.