The Financial Action Task Force (FATF) has issued a targeted report setting out the money laundering (ML), terrorist financing (TF) and proliferation financing (PF) risks and vulnerabilities related to stablecoins and unhosted wallets, particularly during peer-to-peer (P2P) transactions. In addition, the report identifies and shares a range of good practices that could be implemented by jurisdictions and the private sector to mitigate these risks and makes recommendations for implementation.

The report highlights that only a limited number of jurisdictions have implemented targeted regulatory frameworks for entities operating within the stablecoins ecosystem, explicitly taking into account the features that distinguish stablecoins from other virtual assets. While the FATF Standards do not require jurisdictions to adopt regulatory frameworks for stablecoin arrangements beyond those already applicable to virtual asset service providers, the FATF urges countries to recognise the specific ML/TF/PF risks associated with stablecoins and to implement proportionate and effective mitigating measures that reflect their distinct characteristics.

FATF recommends that jurisdictions should apply Recommendation 15 to all relevant entities involved in stablecoin arrangements, ensuring that they are subject to clear, enforceable ML/TF obligations. Jurisdictions should also define the roles and responsibilities of all participants throughout the stablecoin ecosystem and impose appropriate ML/TF obligations using a risk-based approach.

Read more.

HM Treasury and the Department for Science, Innovation and Technology have jointly published guidance setting out how entities regulated under the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) can use digital verification services for customer due diligence checks. Under the MLRs, banks and other regulated entities must establish policies, controls and procedures to mitigate the risks of money laundering and terrorist financing. These include customer due diligence measures to verify the identity of customers and understand the purpose behind transactions. Digital identity services which are certified against the trust framework and on the digital verification services register can be used by regulated entities as part of their customer due diligence processes.

Specifically, for individuals, entities can fulfil their obligations under the MLRs by verifying a customer's identity using certified and registered digital identity services. Entities may also use certified and registered digital identity services to fulfil their obligations regarding the verification of company directors. Regulated entities are reminded that they should continue to make their own assessment of a customer's risk and apply enhanced due diligence measures accordingly. While digital identities may be used for identification and verification purposes, entities should not assume that digital identities fulfil all aspects of customer due diligence. Regulated entities will also remain ultimately liable for any failures to apply customer due diligence measures appropriately when using digital identity services. Entities should also ensure that services can meet the required record-retention requirements under the MLRs. The new guidance supplements but does not supersede obligations under the MLRs.

The European Securities and Markets Authority (ESMA) has launched a consultation on proposed amendments to its guidelines on delay in the disclosure of inside information, under the Market Abuse Regulation (MAR). ESMA aims to streamline requirements and reduce administrative burdens for issuers. The proposals aim to align the guidelines with the changes introduced by the EU Listing Act to ensure compatibility with the new regime. Specifically, under the Act, from June onwards, issuers will no longer be required to immediately disclose inside information relating to protracted processes before those processes are completed. Consequently, ESMA proposes removing the existing references to legitimate interests that are linked to such protracted processes. It also introduces additional legitimate interests for delayed disclosure, including where a public authority requests non-disclosure of inside information, where additional time is needed to collect information, or where the issuer is involved in multiple similar procurement processes. ESMA also proposes deleting the section about the "no misleading the public" condition from the guidelines, reflecting its removal from MAR, and replacing it with the requirement that any delayed disclosure must not contradict the issuer's most recent public announcement on the same matter. The deadline for responses is 29 April, with a final report expected in Q4.

The UK government, through the UK Office of Financial Sanctions Implementation (OFSI), has launched a call for evidence on the application of the ownership and control test under the UK Financial Sanctions Regulations. The OFSI seeks industry input on how the test operates in practice and where firms experience challenges in implementing the regulations. Specifically, firms are requested to share evidence and practical examples of: (i) how often "hypothetical control" is present in real financial sanctions cases; (ii) its effects on compliance costs, legal risk and business decision‑making including de‑risking; and (iii) whether existing legal concepts and typologies of control are helpful in applying ownership and control regulations. OFSI states the evidence gathered will inform its assessment of whether the current approach is clear, effective and proportionate, with the aim of ensuring sanctions remain tough on those they target while workable for legitimate businesses. The call for evidence is open to businesses, financial institutions, legal and compliance professionals and other interested parties. The deadline for responses is 11:59 pm on 13 April.

The European Commission (EC) has published two new webpages announcing the forthcoming adoption of two draft Delegated Regulations. The first, under Directive (EU) 2024/1640 (AMLD6), will set out the indicators for assessing the gravity of failures by member states to report adequate, accurate and up-to-date information to the central registers, including in cases of repeated failures.

The second, under Regulation (EU) 2024/1624 (AMLR), will define the categories of breaches subject to penalties, liable persons, indicators of the gravity of breaches and criteria to consider when setting the level of penalties of beneficial ownership transparency requirements. The texts of both Delegated Regulations have not yet been published and no consultation details have yet been provided. The EC plans to adopt them in Q3.

The Financial Action Task Force (FATF) has published updates on high-risk jurisdictions and jurisdictions under increased monitoring. There are no changes to the high-risk jurisdictions, although the FATF notes where improvement is still required and confirms it may consider countermeasures if insufficient progress is made by June. For the jurisdictions under increased monitoring, two jurisdictions have been added, bringing the total number of jurisdictions under increased monitoring to 22. The FATF also remarks on improvements for certain jurisdictions and any identified next steps.

The UK Office of Financial Sanctions Implementation (OFSI) has published updated financial sanctions enforcement and monetary penalties guidance following HM Treasury's (HMT) 2025 consultation on proposed reforms to the OFSI's civil enforcement processes. A consultation response was published in January confirming that the reforms would proceed, which we covered previously here.

OFSI has updated the guidance to reflect the enhancements set out in Chapter 4 on the new Early Account Scheme (EAS), Chapter 5 on the revised case assessment framework and Chapter 6 on the updated methodology for the monetary penalty process, including the incorporation of the EAS discount, the new voluntary disclosure and cooperation discount and the settlement scheme. Chapter 7 introduces guidance on financial hardship, explaining how OFSI may take this into account in exceptional circumstances. Chapter 13 is supplementary to Chapters 6 and 7 on monetary penalties and sets out how penalties will be imposed for certain cases dealt with by means of a fixed monetary penalty. Additional amendments have been made throughout to improve procedural clarity. These key changes are effective immediately.

The EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) has published three consultation papers on the following draft regulatory technical standards (RTS) under the EU AML package (for more background, you may like to read our article "The AML revolution: Are you ready?"):

• Draft RTS on pecuniary sanctions, administrative measures and periodic penalty payments under Article 53(10) of Directive (EU) 2024/1640 (AMLD 6). The RTS specify the indicators to assess the gravity of breaches, criteria for determining the level of pecuniary sanctions or applying administrative measures, and a methodology for the imposition of periodic penalty payments, including their frequency. They aim to ensure that the same breach is assessed in the same way by all supervisors in all Member States, and that the resulting enforcement measures are proportionate, effective and dissuasive. The deadline for comments is 9 March.
• Draft RTS on customer due diligence (CDD) under Article 28(1) of Regulation (EU) 2024/1624 (AMLR) specifying in detail how CDD requirements should be applied, including the information and documents to be collected. The deadline for comments is 8 May.

Read more.

The Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) has published its first single programming document (SPD) for 2026-2028, setting out its strategic priorities and providing transparency on AMLA's timelines as it transitions to full operational capacity. AMLA's key objectives include finalising the Single Rulebook, driving supervisory convergence and enhancing cooperation between Financial Intelligence Units (FIUs). These are translated into five workstreams that will shape AMLA's work in 2026, including delivering regulatory mandates, advancing direct supervision, operationalising the FIU framework, preparing the foundations for indirect supervision and oversight, and developing AMLA's risk frameworks. The SPD also provides a digital roadmap for 2026-2028 which focuses on three priorities including building state-of-the-art digital solutions, taking over and modernising mission-critical systems, and positioning AMLA as a leader in data analytics and innovation. AMLA also seeks to systematically integrate AI in the development of all its operations. AMLA has separately published an explainer of the SPD and a list of 2026 mandates.

The UK Joint Money Laundering Steering Group (JMLSG) has published final amendments to Part I of its anti-money laundering and counter-terrorist financing (AML/CFT) guidance for the financial services sector. This follows the consultation in November 2025. The amendments are made to: (i) chapter 3, related to guidance on the standing of the MLRO, and on monitoring the effectiveness of money laundering controls; and (ii) chapter 6, relating to guidance on subject access requests in cases where a suspicious report has been made. The revisions have been submitted to HM Treasury for Ministerial approval.

The UK Office of Financial Sanctions Implementation (OFSI) has published new regime pages following the closure of the OFSI Consolidated List of Asset Freeze Targets, which is now replaced with the UK Sanctions List (UKSL). The UKSL became the sole official source for UK sanctions designations from January. The new regime pages will host future sanctions notices, covering all changes to designations made under each regime on the UKSL. The old financial sanctions regime pages, while they will remain available for reference, will no longer be updated.

HM Treasury (HMT) has published a consultation response and blog on proposed reforms to the UK Office of Financial Sanctions Implementation's (OFSI) civil enforcement processes. The reforms aim to increase efficiency in resolving enforcement cases and would apply solely to OFSI's civil enforcement powers concerning financial sanctions breaches, including Russia-related designated person asset reporting. They do not apply to criminal enforcement or non-financial sanctions. Following feedback to its July 2025 consultation, the OFSI confirms it will proceed with all proposals but with the following improvements:

• Additional case assessment guidance, including a new case assessment matrix and a Voluntary Disclosure and Co‑operation discount of up to 30% of the baseline penalty.
• 20% baseline penalty discount for subjects who settle under the new settlement scheme.

Read more.

The UK Office of Financial Sanctions Implementation (OFSI) has published a blog confirming that it is working closely with UK law enforcement and regulatory partners to combat the abuse of cryptoassets and associated money laundering activities. OFSI has joined forces with the Crypto Cash Fusion Cell (CCFC), a pilot, multi-agency initiative bringing together the UK National Crime Agency, the Metropolitan Police Service, His Majesty's Revenue and Customs, the UK Financial Conduct Authority, City of London Police and OFSI, to target criminal funds linked to sanctions offences.

Through this collaboration, OFSI shared detailed intelligence with the CCFC to enable joint working against specific, prioritised targets. This led to action against potential breaches of financial sanctions involving cryptoassets by UK-based individuals. OFSI wants the sector to know that the use of cryptoassets to evade sanctions will be treated no differently to the exploitation of traditional currencies.

The European Commission has issued a call for evidence on its forthcoming action plan to combat online fraud committed through the use of technology (whether online or by telephone). The initiative seeks to build on existing frameworks which already establish comprehensive anti-fraud measures, including the Payment Services Directive, the Instant Payments Regulation and the Digital Services Act. The plan aims to reduce the occurrence and impact of online fraud across the EU by reinforcing coordination, enhancing victim support and improving cross-border and multi-stakeholder cooperation. Its primary objective is to establish a more integrated approach to tackling online fraud. This includes strengthening the EU's 'follow-the-money' approach for detecting, tracing and disrupting fraud proceeds that are channelled through payment accounts, e-money and increasingly, crypto-asset transfers, leveraging EU requirements on supplying accompanying information with transfers of funds and certain crypto-assets. The deadline for feedback is 13 February.

The EU Authority for Anti‑Money Laundering and Countering the Financing of Terrorism (AMLA) has announced a data‑collection exercise expected in March to test and calibrate its risk‑assessment models. These models will inform the 2027 selection of up to 40 entities for AMLA's direct supervision beginning in 2028 and support consistent money laundering risk assessments by supervisors across the EU. The exercise, conducted with national supervisors and the private sector, will involve both financial institutions potentially eligible for direct supervision and a representative sample of entities likely to remain nationally supervised. National supervisors of both groups have been notified by the AMLA of those selected to participate in the exercise. After validating and calibrating the models in full, AMLA will finalise the list of eligible entities for direct supervision. In early 2027, national supervisors will collect data from those entities to inform AMLA's final supervisory selection. AMLA has also published an accompanying explainer on its direct supervision framework, available here.

The Bank of England, UK Prudential Regulation Authority and UK Financial Conduct Authority have published their 2025 annual CBEST thematic report. CBEST is a threat-led penetration testing assessment framework of cyber resilience, helping regulators, firms and financial market infrastructures (FMIs) identify vulnerabilities and take remedial action. This report summarises insights from recent CBEST assessments conducted across firms and FMIs. While it does not introduce any new or additional regulatory expectations, it articulates gaps, some of them foundational, observed in firms' and FMIs' cyber defences.

Key messages for firms and FMIs to consider include:

• To reduce the likelihood of severe cyberattacks, firms and FMIs should harden operating systems by patching vulnerabilities and securely configuring key applications.
• The impact of unauthorised access to sensitive systems and information can be reduced by strengthening credentials management, enforcing strong passwords, considering the use of multi-factor authentication, preventing or detecting insecure credential storage and through appropriate segmentation of networks.

​​Read more.

The Financial Markets Standards Board has published its 2026 workplan. The workplan covers a wide range of areas in relation to wholesale financial markets, and in 2026 the Board sets out the following focus topics:

• In relation to market practices, work is being progressed on pre-hedging, grey market trading, market quotation mechanisms, conduct risks around risk management transactions for new issuances, and price discovery.
• In relation to electronic trading and technology, the relevant committee will be looking at market-facing applications of AI and potentially the application of model risk management frameworks to electronic trading algorithms.

Read more.

The UK Financial Conduct Authority (FCA) and UK Payments Systems Regulator (PSR) have issued a joint letter to HM Treasury (HMT) (dated 11 November) providing an update on their progress against the 2024 recommendations HMT set for payments regulation and outlining focus areas through to 2026.

Key forward-looking priorities include:

• Co-ordination - the regulators set out how they have been working in an increasingly collaborative way to ease congestion in payments regulation.
• Open banking and open finance – the FCA has established a new department incorporating FCA and PSR capabilities, replacing the Joint Regulatory Oversight Committee (JROC) and streamlining decision-making for open banking and open finance. The FCA is working with industry to establish a future entity for open banking ahead of developing the statutory instrument with HMT and subsequently the long-term regulatory framework for open banking. In addition, the FCA has launched the smart data accelerator, with applications currently open for two prioritised open finance use cases in SME lending and mortgages. The FCA will publish a roadmap for this in early 2026, with regulatory foundations in place during 2027. The FCA is also collaborating with the Department for Business and Trade on cross-sector data sharing.

Read more.

The European Commission (EC) has announced that it has listed Russia as a high-risk country with strategic deficiencies in its anti-money laundering and counter-terrorist financing frameworks (AML/CFT) pursuant to the EU's directive on anti-money laundering and terrorist financing (AMLD IV). This follows Delegated Regulation (EU) 2025/1393, adopted in July, which committed the EC to conclude a review of third countries not listed by the Financial Action Task Force (FATF), but whose membership is suspended. This included Russia which, following a technical assessment, the EC concludes meets the criteria to be designated as a high-risk third country. The EC has therefore adopted a delegated regulation adding Russia to its list of high-risk jurisdictions presenting strategic deficiencies in their national AML/CFT regimes. On the following day, 4 December, the EC made a further announcement that it has updated its list of high-risk jurisdictions presenting strategic deficiencies in their national AML/CFT regimes following the decisions taken at the FATF and its list of 'Jurisdictions under Increased Monitoring' ('grey list'), following the plenaries of June and October 2025. The EU has adopted a further delegated regulation under AMLD IV adding new third-country jurisdictions (Bolivia and the British Virgin Islands) to the list of jurisdictions with strategic deficiencies and delisting a number of others (Burkina Faso, Mali, Mozambique, Nigeria, South Africa and Tanzania). The delegated regulations will enter into force after scrutiny and non-objection of the European Parliament and the Council within a period of one month (which can be extended by a further month). EU entities covered by the EU's AML framework are required to apply enhanced vigilance in transactions involving such high-risk jurisdictions.

The UK Serious Fraud Office (SFO) has published updated guidance on evaluating corporate compliance programmes, clarifying when and how such assessments occur. The updated guidance identifies six scenarios in which it may need to evaluate an organisation's compliance programme: (i) determining decisions on prosecution; (ii) considering deferred prosecution agreements (DPAs); (iii) including compliance terms and monitorships as part of any DPA; (iv) determining whether an organisation has a defence of "adequate procedures" under the Bribery Act 2010; (v) determining whether an organisation has a defence of "reasonable procedures" under the Economic Crime and Corporate Transparency Act 2023 (ECCTA); and (vi) sentencing considerations. In relation to statutory defences, the updated guidance draws on the six statutory principles in relation to proportionate procedures, top-level commitment, risk assessment, due diligence, communication (including training), and monitoring and ongoing review. It includes a "FAQs/general guidance" section, explaining the distinction between "adequate" or "reasonable" procedures (for statutory defences) and an "effective compliance programme" under failure-to-prevent offences. The SFO stresses that assessments depend on an organisation's individual circumstances. Having policies and controls in place does not automatically mean a programme is effective; the focus is on how policies translate into conduct on the ground.

The UK Joint Money Laundering Steering Group (JMLSG) has launched a consultation on proposed amendments to Part I of its anti-money laundering and counter-terrorist financing (AML/CFT) guidance for the financial services sector. The consultation proposes amendments to: (i) chapter 3 related to guidance on the standing of the MLRO, and on monitoring the effectiveness of money laundering controls and; (ii) chapter 6 relating to guidance on subject access requests in cases where a suspicious report has been made. The deadline for comments on the proposed revisions is 14 January 2026.

The UK Financial Conduct Authority (FCA) has published findings from a multi-firm review of business-wide risk assessments (BWRA) and customer risk assessments (CRA) as part of its financial crime supervisory work under the 2025–30 strategy. You may like to read our article "Financial Crime: The FCA's Strategy for 2025 – 2030" for further information on the strategy.

The FCA found that while most firms maintain BWRAs, weaknesses remain in identifying, understanding and assessing risk. Common issues include failure to tailor assessments to specific business risks, lack of detail and evidence to support claims of being "low risk" and limited quantitative analysis. Examples of good practice include annual reviews of BWRAs, comprehensive assessments using both quantitative and qualitative analysis and tailored assessments aligned to the firm's business model, products and customers.

Read more.

HM Treasury (HMT) has published a consultation on proposals to reform the UK's anti-money laundering and counter-terrorist financing (AML/CTF) supervisory regime for professional services firms. This follows the October consultation response and policy statement confirming that the UK Financial Conduct Authority (FCA) will be the sole AML supervisor for legal, accountancy and trust and company service providers under the Money Laundering Regulations 2017 (MLRs). The consultation sets out the FCA's proposed key duties, powers and accountability mechanisms that the FCA will need for supervising professional services firms under the MLRs, along with the legislative changes needed to implement these reforms. While many proposals involve extending existing MLR provisions to the FCA in its new expanded role, HMT is also considering whether further enhancements are necessary to the MLRs to ensure the FCA has a comprehensive supervisory toolkit.

Key proposals include the following as set out below.

Read more.

The UK government has launched a new collections webpage consolidating resources on sanctions enforcement. The page lists published monetary penalties, prosecution outcomes and disclosure notices imposed by HM Revenue & Customs, the National Crime Agency, the Office of Financial Sanctions Implementation and the Office of Trade Sanctions Implementation. It also lists case studies, blogposts and annual reviews containing key lessons from enforcement actions in the relevant year.

The European Banking Authority (EBA) has issued a report with its formal response to the European Commission's (EC) March 2024 call for advice on six regulatory mandates under the forthcoming EU anti-money laundering and countering the financing of terrorism (AML/CFT) framework. The formal response aims to support the operational launch of the new Anti-Money Laundering Authority (AMLA) and includes the EBA's proposals for the draft regulatory technical standards (RTS) which the AMLA will ultimately adopt. These RTS separately cover: (i) methodologies for assessing inherent and residual money laundering/terrorist financing risks of obliged entities; (ii) risk assessment criteria for AMLA's selection of institutions for direct supervision; (iii) customer due diligence requirements; and (iv) classification of the severity of breaches and determination of pecuniary sanctions.

Read more.

HM Revenue & Customs (HMRC) has released a comprehensive handbook to add to its resources, aimed at identifying and tackling trade-based money laundering (TBML). The guide provides an accessible overview of TBML techniques, legal frameworks and investigative strategies, with a particular focus on Operation A, an HMRC-led investigation that successfully disrupted a major organised crime group. The handbook includes case studies, evidentiary approaches using customs and trade data, prosecution insights and lessons learned. While tailored to UK systems and authorities, the resource offers valuable guidance for professionals globally who are exposed to TBML risks.

The UK Financial Conduct Authority (FCA) has published Primary Market Bulletin 59 (PMB59). It begins with findings from a review of issuers' compliance with Article 17.4 of the UK Market Abuse Regulation (MAR) on delayed disclosure of inside information (DDII) under certain conditions. Notably, the FCA observed a 39% drop in DDII notifications, alongside an increase of approximately seven days in average delay periods compared to its previous review in November 2020. While this could be due to fewer instances of information being classified as inside information, or a reduced use of delayed disclosure rather than non-compliance, the FCA reminds issuers of their obligations under UK MAR, including timely DDII submissions and maintaining confidentiality.

Read more.

The European Banking Authority (EBA) has released its fifth and final report on the functioning of anti-money laundering and countering the financing of terrorism (AML/CFT) colleges, covering the period from 1 January 2024 to 31 May. Overall, the EBA found that the state of the colleges framework has remained stable since December 2023. It concludes that these colleges have been effective in facilitating information exchange and strengthening AML/CFT supervision across the EU. However, the EBA identifies limited progress by supervisors in addressing two key priorities: (i) applying a risk-based approach in the functioning of AML/CFT college meetings meaning that resources were not always allocated to the most strategically important colleges; and (ii) ensuring systematic, meaningful discussions on coordinated responses to shared risks. From 1 January 2026, oversight of AML/CFT colleges will transition to the new Anti-Money Laundering Authority (AMLA), with the EBA's findings expected to inform AMLA's supervisory framework going forward.

HM Treasury (HMT) has published its consultation response and policy statement on the reform of the anti-money laundering and counter-terrorism financing (AML/CTF) supervision regime, following its 2023 consultation. The consultation had proposed four potential models to reform the current supervisory framework, which comprises of three public sector supervisors, namely the UK Financial Conduct Authority (FCA), the Gambling Commission and HMRC, as well as 22 professional body supervisors (PBSs) responsible for overseeing the legal and accountancy sectors' compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. HMT now confirms its intention to implement the Single Professional Services Supervisor (SPSS) model. Under this model, the FCA will become the sole AML/CTF supervisor for in-scope legal service providers, accountancy service providers and trust and company service providers, consolidating supervisory responsibilities previously held by 23 separate bodies, with the aim of improving consistency, effectiveness and coordination across the regime.

Read more.

The European Securities and Markets Authority (ESMA) has published its final report on the draft implementing technical standards (ITS) extending the use of the alleviated format of insider lists to all issuers under the amended Market Abuse Regulation (MAR), as mandated by the Listing Act (Regulation (EU) 2024/2809). The draft ITS consolidates the existing five insider list templates into three: two templates for event-based and permanent insider lists applicable to non-SME issuers and SME Growth Market issuers in Member States that have opted out of the simplified regime, and a third template for SME GM issuers under the simplified regime, covering persons with regular access to inside information.

Following its April consultation, ESMA has made no major changes to the templates. It maintained its view that all issuers should report the national identification number of insiders, and where not applicable, their date of birth. ESMA also added a recital clarifying that issuers may include one contact person per external provider with access to inside information. The draft ITS has been submitted to the European Commission, which has three months to decide whether to adopt them.

The UK Financial Conduct Authority (FCA) has published its findings from a recent survey on financial crime controls in corporate finance firms not required to submit financial crime data returns. The findings reflect firms' self-reported practices and are not based on an FCA review. They highlight both good practices and areas needing improvement. Approximately two-thirds of respondents may be non-compliant with one or more aspects of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (Money Laundering Regulations). Key deficiencies include the absence of documented business-wide risk assessments, gaps in customer due diligence and inadequate oversight of appointed representatives. Despite these concerns, the FCA did identify good practices, such as regular reporting to senior management and the use of risk registers. The FCA has begun contacting firms falling short of expectations to prompt remedial action and will follow up to assess progress. Firms are reminded of their obligations under the Money Laundering Regulations and are expected to address identified gaps in their financial crime frameworks.

The UK Financial Conduct Authority (FCA) has published its findings from a multi-firm review assessing how UK payment service providers (PSPs) (including banks and other businesses offering payment accounts) detect and respond to romance fraud, a growing financial crime where victims are deceived into sending money to fraudsters who engineer false romantic relationships or friendships. The review covered 60 cases across six firms and the conclusions highlight examples of good practice and areas for improvement. Whilst some firms are leading the way with proactive engagement and compassionate support reflecting best practice, these examples were not consistent across the industry and it is clear that staff play a critical role in interventions. Equally, the review also examined the effectiveness of firms' systems and controls in detecting romance fraud, to avoid missed opportunities to detect suspicious activity, including transactions to overseas jurisdictions, multiple payments over a short period and sudden increases in the value of funds being sent.

Read more.

The European Securities and Markets Authority (ESMA) has published its second consolidated report on sanctions and measures imposed by national competent authorities in Member States in 2024. The report reveals that over 970 administrative sanctions and measures were issued in financial sectors under ESMA's remit, with the total aggregated value of administrative fines exceeding EUR100 million, an increase compared to 2023. The highest number of administrative sanctions and measures were imposed under the Market Abuse Regulation (MAR), the Markets in Financial Instruments Directive (MiFID) and the Markets in Financial Instruments Regulation (MiFIR).

The highest amounts of administrative fines for 2024 were imposed under MAR. The more granular data shows that over 60% of all administrative sanctions and measures imposed in 2024 were administrative fines, and 10% were issued using settlement procedures. ESMA also reports that no sanctions or measures were imposed under the Securities Financing Transactions Regulation (SFTR) or the Markets in Crypto-Assets Regulation (MiCAR), while a measure was issued for the first time under the European Crowdfunding Service Providers Regulation. ESMA highlights discrepancies in sanctioning powers across jurisdictions, including differences in the amounts of fines, number and types of sanctions and measures, and use of settlements.

The European Banking Authority (EBA) has released its 2024 annual report on the convergence of supervisory practices across the EU. The report outlines the EBA's ongoing efforts to strengthen the alignment of supervisory approaches across Member States and across key areas of its activities, including prudential, resolution, digital finance, consumer protection and until the end of this year anti-money laundering/counter-terrorist financing (AML/CFT). In the area of prudential regulation, the report reflects on findings from its 2024 European Supervisory Examination Programme focused on liquidity and funding risk, interest rate risk and hedging, and recovery operationalisation. The report notes that risk levels in these areas remain stable, though challenges persist around data quality, stress testing scenarios and modelling assumptions. The EBA will continue monitoring risks related to online deposit platforms and compliance with Supervisory Outlier Tests in 2025.

Read more.

HM Treasury has published guidance confirming that from 28 January 2026, the UK Sanctions List (UKSL) will become the sole official source for UK sanctions designations, replacing the OFSI Consolidated List of Asset Freeze Targets. From this date, all new sanctions entries will appear only on the UKSL, which will include clearer identifiers and will be available in a more user-friendly format. An updated search tool and designation notices for all types of sanctions designations will also be introduced to make it easier to understand who is sanctioned and why. Businesses are encouraged to start updating their systems now to avoid disruption and prepare for the formal closure of the OFSI Consolidated List.

The European Banking Authority (EBA) has published a report addressing money laundering and terrorist financing (ML/TF) risks in crypto-asset services, including issuance, trading and service provision. Drawing on lessons from recent supervisory cases across the EU and engagement with national supervisors, the report identifies vulnerabilities in the sector and offers guidance to strengthen compliance and oversight. It examines strategies used by certain crypto-asset service providers and issuers to side-step national AML/CFT supervision, including through unauthorised operations, forum shopping and improper use of certain regulatory exemptions. The report also outlines safeguards introduced by MiCAR and the AML/CFT regime, stating that effective implementation will depend on proactive monitoring of unauthorised activities, continuous risk identification and strong cross-border cooperation, amongst others.

The Financial Markets Standards Board (FMSB) has released its finalised Statement of Good Practice (SoGP) on Unauthorised Trading Frameworks. The SoGP, consulted on in July, aims to support firms in developing robust oversight and control mechanisms to mitigate the risk of unauthorised trading in wholesale financial markets. It provides practical recommendations on areas related to: (i) governance (including firm governance frameworks, understanding of the authorisation perimeter and accountability for unauthorised trading controls); (ii) controls and monitoring (including pre-trade and point-of-trade controls to mitigate unauthorised trading, post-trade controls to signal potential unauthorised trading and analytics across the front-to-back trade lifecycle); and (iii) intervention and reporting (including escalation in the case of a potential or actual unauthorised trading event and periodic management reporting). The SoGP is applicable to all types of trading.

The European Banking Authority (EBA) has published its final report, concluding a six-year review of the effectiveness of national competent authorities (NCAs) approaches to the anti-money laundering and countering the financing of terrorism (AML/CFT) supervision of banks across the EU/EEA. This final report evaluates the actions taken by NCAs in response to the interim bilateral findings and recommendations the EBA provided to NCAs during the course of its review. The report highlights significant progress by NCAs in adopting risk-based approaches, developing targeted supervisory strategies and enhancing cooperation at both national and international levels, as well as aligning their national strategies and practices with EBA standards.

Enhanced supervisory manuals have contributed to more consistent and effective AML/CFT supervision, and supervisory tools are now being used more strategically. While NCAs have made efforts to strengthen information exchange with their national public authorities and NCAs in other EU jurisdictions and third countries, some jurisdictions continue to face challenges in ensuring effective cooperation, particularly in coordinating with prudential supervisors. This report will form part of the EBA's handover to the new EU Anti-Money Laundering Authority (AMLA), providing a comprehensive overview of current supervisory practices and will serve as a foundation for future indirect supervision under the revised EU AML/CFT framework.

The UK Financial Conduct Authority (FCA) has published consultation paper CP25/25 (CP), alongside a press release, setting out its proposed regulatory framework for cryptoasset activities under the Financial Services and Markets Act 2000 (FSMA). This follows HM Treasury's (HMT) draft statutory instrument (SI) to bring qualifying cryptoasset activities within the scope of the Regulated Activities Order 2001 (RAO) and under the FCA's remit. Qualifying cryptoasset activities will include issuing qualifying stablecoins, safeguarding qualifying cryptoassets and specified investment cryptoassets, operating a qualifying cryptoasset trading platform (CATP), intermediation and staking. Firms and individuals undertaking these activities will require FCA authorisation before operating by way of business in the UK.

Read more.

The Wolfsberg Group has published comprehensive guidance on managing financial crime risks for financial institutions (FIs) that provide banking services to fiat-backed stablecoin issuers. While recognising the legitimate benefits of stablecoins, such as pseudonymity, rapid settlement and global reach, the Group also highlights that these same benefits introduce unique risks. The guidance therefore introduces a risk-based framework for assessing and monitoring relationships with issuers operating in regulated jurisdictions. It notes that although existing financial crime risk management principles remain applicable, existing controls may require adapting to address the specific risks posed by stablecoin issuers. The guidance introduces the relevant terminology used by the Group on stablecoins and describes the typical fiat-based services an FI may offer to a stablecoin issuer, highlighting how financial crime-related controls may require adjustment. It also explains how, under a risk-based approach, an FI may evaluate the issuer's compliance obligations on the blockchain. Ultimately, the Group's view is that the approach to banking a stablecoin issuer mirrors that of any customer relationship: firstly to identify and understand the risks associated with both the customer and the nature of the relationship, as well as evaluate how the issuer manages those risks; secondly to determine whether the issuer's risk profile and mitigation strategies align with its own risk appetite; and finally, the FI should implement a proportionate risk management framework that enables ongoing monitoring of the issuer's behaviour and supports timely corrective action when necessary.

The UK Financial Conduct Authority (FCA) has published Market Watch 83, sharing findings from a series of reviews on market abuse risks and related systems and controls at corporate finance firms that provide advisory and corporate broking services to small and mid-cap companies.

The FCA has observed the following in relation to market soundings:

• Disclosing Market Participants (DMPs) extending their market soundings to a relatively large number of Market Sounding Recipients (MSRs) without a process for considering the appropriateness or the number of MSRs contacted. The FCA highlights that a good practice was a simple governance process where a senior employee or relevant committee approved the initial proposed list of MSRs, as well as any additions to it. The FCA encourages firms to consider whether their policies and procedures help effectively manage the number of MSRs to control the flow of inside information.

Read more.

HM Treasury (HMT) has published the draft Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025, accompanied by a policy note, for technical consultation. This follows HMT's 2024 consultation on improving the effectiveness of the UK Money Laundering Regulations (MLRs), with the government's response published in July this year. The consultation identified key weaknesses in the UK's anti-money laundering (AML) regime, including issues with pooled client accounts, trust registration, cryptoasset regulation and the practicalities of customer due diligence (CDD). The draft statutory instrument (SI) proposes targeted amendments to the MLRs 2017 and related legislation to address these concerns. The key changes are set out below.

Read more.

The UK Home Office has published a progress report on the outcomes framework of the 2023 Economic Crime Plan 2 (ECP2). The ECP2 set out strategic objectives to reduce economic crime, safeguard national security and promote legitimate economic growth in the UK. The progress report sets out insights gathered to date under the ECP2, including: a 36% increase in prosecutions and 7% increase in convictions for money laundering offences in 2024; indications that Suspicious Activity Reports are having a positive effect on asset recovery; and evidence of improved transparency in company ownership, with 32,000 entities having registered on the Companies House Register of Overseas Entities as of 31 March. The report acknowledges a comprehensive assessment of progress towards ECP2 outcomes is constrained by data limitations, with steps being taken to address these data gaps, including through HM Treasury's Effectiveness Framework and the Home Office's Economic Crime Survey 2024. The Home Office plans to publish a further update to the progress report in 2027.

Read more.

The Financial Action Task Force (FATF) has announced the launch of a new National Risk Assessment (NRA) toolkit aimed at enhancing countries' ability to identify and address money laundering risks. The toolkit supports a risk-based approach aligned with FATF Standards and provides cross-country insights into predicate offences, laundering methods, and proceeds of crime. It focuses on four priority areas that are currently consistently challenging to assess, including: corruption, virtual assets and service providers, legal persons and arrangements, and the informal economy. Quick guides, which include practical examples, have also been published to support risk assessment in each priority area. The toolkit draws on good practices from FATF member jurisdictions and is designed to be flexible and adaptable to country-specific needs. It can be integrated into a full NRA, applied to sectoral or thematic assessments, or used to strengthen broader efforts to improve risk understanding. Coinciding with the launch, on the same day, the FATF has also updated its NRA guidance, to reflect recent changes made to its Recommendation 1 standard and guidance on financial inclusion and anti-money laundering and counter terrorist financing measures.

On 20 August, Commission Delegated Regulation (EU) 2025/885 supplementing the Markets in Crypto-assets Regulation with regard to regulatory technical standards specifying the arrangements, systems, and procedures for persons to prevent, detect, and report market abuse, the templates to be used for reporting suspected market abuse, and the coordination procedures between competent authorities for the detection and sanctioning of market abuse in cross-border market abuse situations, has been published in the Official Journal of the European Union (OJ). The Delegated Regulation enters into force on the twentieth day following its publication in the OJ, being 9 September.

The European Banking Authority (EBA) has published a report on the use of SupTech tools in anti-money laundering and countering the financing of terrorism (AML/CFT) supervision, as well as a press release. In November 2024, the EBA surveyed competent authorities on their use of SupTech tools and in January 2025, a workshop was held on AML/CFT SupTech. The EBA's report provides its findings from both programs, considers the current use of SupTech tools at EU level and how the tools are implemented. The EBA concludes that SupTech tools can improve the effectiveness of AML/CFT supervision and competent authorities have identified benefits such as enhanced collaboration, improved data quality and analytics, and the ability to scale supervision under the new EU AML/CFT framework, particularly with the establishment of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, known as AMLA. Poor data quality and governance, limited resources, legal uncertainty, operational risks, and friction related to institutional transformation are recognised as potentially impeding progress. Various good practices have emerged, including promoting a digital-first culture, adopting structured change management strategies, enhancing data governance and interoperability and leveraging synthetic data to safeguard privacy.

The UK Financial Conduct Authority (FCA) has published a new "Wholesale banks supervision" webpage which consolidates insights from the FCA's multi-firm and other supervisory work involving wholesale banks. The webpage covers a range of topics and the outcome of FCA multi-firm reviews, which we summarise here.

Read more.

The European Banking Authority (EBA) has published its fifth opinion on money laundering and terrorist financing (ML/TF) risks. In the report, the EBA highlights the growing vulnerabilities in the EU financial sector arising from the growth of technologies, new financial products such as crypto-assets, and the increasing interconnection of financial products and services across sectors. The EBA states that while tools such as RegTech and AI offer potential for enhanced compliance, their improper implementation (often due to lack of expertise and oversight) has led to serious compliance failures. Competent authorities have reported high or rising ML/TF risks in Fintech firms and crypto-asset service providers linked to weak AML/CFT controls and governance. Additionally, the use of AI by criminals to automate laundering and forge documents is outpacing institutional defences. The EBA notes that supervisory engagement has improved the capability of some sectors to fight financial crime. The EBA emphasises the importance for consistent application of the new EU AML/CFT legal framework.

The UK Office of Financial Sanctions Implementation (OFSI) has updated its general guidance on financial sanctions, introducing a new licensing ground under Section 6.6, permitting the return of funds from designated Money Service Businesses (MSBs) to non-designated persons, subject to strict conditions. To qualify, the MSB must be registered in the UK under the Money Laundering Regulations 2017, the recipient must not be a designated person and no payments will be made to a designated person (whether directly or indirectly), the original payment must have been made prior to the MSB's designation without breaching asset freeze restrictions and the repayment must not undermine efforts to prevent or detect serious crime. OFSI will consult law enforcement authorities to assess crime risk before granting a licence, and only MSBs defined and registered under the 2017 Regulations are eligible. OFSI emphasises that as licensing grounds and exceptions can vary between regimes, it remains essential to consult the relevant, up-to-date legislation.

The Financial Markets Standards Board (FMSB) has published a transparency draft of its Statement of Good Practice (SoGP) on Unauthorised Trading Frameworks for consultation. This draft, which builds on FMSB's prior work on Front Office Supervision, sets out a series of principles-based measures designed to strengthen oversight and control mechanisms aimed at mitigating the persistent risks of unauthorised trading in wholesale financial markets. FMSB notes that, despite the existence of significant risk management frameworks, unauthorised trading continues to pose risks that can result in material financial, reputational and regulatory harm. The SoGP has been designed to promote consistent expectations across jurisdictions and has been developed with input from buy-side and sell-side firms, as well as support from the global regulatory community. The deadline for comments is 15 September.