Every two years, the European Banking Authority (EBA) takes a deep dive into the risks of money laundering (ML) and terrorist financing (TF) across Europe’s financial sector. The latest Opinion, released in July 2025, paints a picture that’s both familiar and fast-changing: technology is driving innovation, but it’s also opening new doors for criminals.
So what does this mean for banks and other financial institutions?
FinTech: Growth First, Compliance Later?
FinTechs have made banking faster, easier, and more accessible—but regulators are worried that the rush to innovate often comes at the expense of strong anti-money laundering checks.
The EBA notes that many FinTech firms prioritize customer growth over compliance. Think of flashy apps or e-wallets that sign up users in seconds but may skip thorough due diligence. Common issues include:
- Weak customer verification (CDD) processes,
- Overreliance on outsourcing without proper oversight,
- Gaps in monitoring cross-border transactions.
For banks that acquire or partner with FinTechs, this risk doesn’t just stay in the start-up world, it spills over into mainstream financial services.
RegTech: Good Tools, Bad Implementation
On the flip side, RegTech (technology designed to help with compliance) offers potential in the fight against ML and TF. Automated screening, streamlining of Know Your Client (KYC) procedures, real-time transaction monitoring, and efficient reporting can make AML efforts far more effective.
But here’s the catch: banks often implement RegTech without proper testing or governance. Over half of the reported compliance failures in recent years were linked to misused or poorly managed RegTech solutions. In other words, the tools are powerful, but if you don’t understand them properly, they can create new vulnerabilities instead of solving old ones.
Crypto: The Growing Pains Continue
Crypto remains one of the biggest headaches. The number of crypto asset service providers (CASPs) in the EU more than doubled between 2022 and 2024, and transaction volumes have surged. But oversight hasn’t always kept up.
Authorities found that many CASPs lacked solid AML systems, and some even tried to bypass licensing altogether. Weak governance, questionable senior management, and inadequate customer verification remain common. With banks increasingly interacting with crypto firms (for example, through payment or conversion services) the risks are bleeding into the wider financial system.
The EU’s new crypto framework, which started applying recently, should tighten standards. But consistent enforcement will be key.
Fraud and AI: The New Frontier of Crime
Fraud and cybercrime are escalating, supercharged by artificial intelligence. Criminals are using AI to create fake documents, impersonate customers during onboarding, and even deploy deepfakes to bypass ID checks.
Banks face a rising tide of sophisticated scams, from classic phishing attacks to elaborate investment fraud schemes involving crypto. Strong customer authentication has reduced some types of fraud, but new attack methods keep emerging.
For banks, the challenge is to invest in advanced detection tools and train staff to recognize new tricks, because the criminals are moving fast.
Sanctions and Restrictive Measures: Complexity Creates Risk
Sanctions compliance has become a maze. The EU keeps updating sanctions packages, especially in response to geopolitical events, and standard screening tools often aren’t enough to keep up.
Banks are under pressure to:
- Ensure their sanctions screening systems are up-to-date,
- Record and demonstrate checks properly,
- Handle the unique risks of instant payments and card schemes, where information gaps can create blind spots.
By the end of 2025, new EU-wide guidelines will require all financial institutions to meet common standards for sanctions compliance. That should bring more consistency, but it also raises the bar for banks that are lagging.
Some Good News
It’s not all doom and gloom! The EBA notes that risks linked to tax crimes are decreasing, partly thanks to better laws and supervision. Likewise, the problem of “unwarranted de-risking” (where banks cut off entire customer groups rather than manage risks) has eased across much of the EU. And in sectors like credit institutions, investment funds, and insurance, AML controls are becoming more effective.
The Takeaway
The EBA’s 2025 Opinion makes one thing clear: the battle against financial crime is a moving target. For banks, the key risks right now are:
- FinTech growth without compliance safeguards,
- Misuse of RegTech and AI (both by firms and by criminals),
- Weak controls in the crypto sector,
- Rising fraud and cybercrime,
- Complex sanctions regimes.
The message is simple but pressing: technology is reshaping financial services, but controls need to evolve just as quickly. For banks, that means not only investing in smarter compliance tools but also making sure they’re used correctly, governed properly, and supported by skilled people.
Leave a Reply