The State of Financial Crime Compliance: 2025 Review & What to Expect in 2026  

Key Takeaways:

---

In 2025, financial crime compliance continued its shift from reactive, checklist-driven processes toward more proactive, data-driven risk management. With instant payments, rising geopolitical tensions, and rapidly evolving criminal typologies, traditional rules-based approaches increasingly fell short, prompting institutions to expand their use of AI-powered monitoring, behavioural analytics, and dynamic risk scoring to detect anomalies in real time.

Another significant development was the push towards regulatory harmonization. From transparency in beneficial ownership to cross-border obligations for CASPs (crypto-asset service providers), authorities intensified efforts to standardize expectations and strengthen coordinated supervision  

These developments made fragmented approaches increasingly untenable. Financial institutions are now moving toward integrated, cross-functional compliance ecosystems, connecting AML, KYC, sanctions, and fraud to gain a holistic view of risk and strengthen operational resilience.  

The Regulatory Landscape of 2025  

Geopolitical tensions, increasing sanctions, the rise of AI, and expanding digital-asset markets collectively accelerated regulatory activity. Supervisors demanded faster, more transparent, and more technology-enabled compliance. The result was a year marked by major legislative milestones and greater cross-border coordination.    

• DORA – Digital Operational Resilience Act  
  DORA came into effect on 17th January 2025, requiring all EU financial institutions to strengthen ICT-risk management, conduct resilience testing, report incidents, and oversee critical third-party ICT providers under a unified rulebook. Its goal: ensure business continuity and resilience against growing cyber risks, including DDoS attacks and supply-chain vulnerabilities.  

• EU Single Rulebook & the AMLA Authority    
  The AMLA Authority officially began operations in Frankfurt on 1 July 2025. It will gradually take on direct supervision of high-risk and cross-border entities and harmonize enforcement across the EU. The Single Rulebook, entering into force in July 2027, aims to eliminate national discrepancies and create consistent AML/CFT obligations across Member States.  

• Instant Payment Regulation  
  Since January 9, 2025, all EU payment service providers must be able to receive instant payments. And since October 9, 2025, they must also send payments instantly, including mandatory payee-verification checks to prevent misdirected transfers. This has considerably accelerated the need for AML and fraud monitoring in real-time.  

• Markets in Crypto-Assets Regulation (MiCA) & Crypto Regulation Enforcement  
  MiCA reached full applicability in 2025, requiring all CASPs (Crypto-Asset Service Providers) to obtain authorization and meet stringent requirements for safeguarding, prudential stability, transparency, and market-integrity. Supervisory activity intensified across Europe, with the final MiCA transitional deadline in July 2026 for the Netherlands.   

• EU AI Act
  Throughout 2025, multiple obligations from the AI Act came into force. A major milestone was the Commission’s approval of the General-Purpose AI (GPAI) Code of Practice on 1 August 2025, which sets guidance on transparency, copyright, and safety. Financial institutions must now prepare for upcoming requirements on AI risk management, documentation, and human oversight.  

Trends in Compliance in 2025  

The dominant trends in compliance in 2025 have been AI-powered compliance, shoring up for new payment rails like crypto, navigating cross-border flows, and the increasing complexity of fraud, sanctions, and financial-crime typologies.  

• Emerging Threat Typologies evolved rapidly in 2025, with hybrid, cross-domain patterns spreading across fraud, AML, sanctions, and crypto, outpacing traditional controls and escalating supervisory expectations.  Criminal tactics expanded in sophistication, including: 
  – Fraud-driven laundering flows (scams → mules → crypto → instant payout) 
  – Mule networks and synthetic identities 
  – Trade-based money laundering
  – Supply-chain financing and trade flow abuse
  – Decentralized Finance-enabled laundering and cross-chain obfuscation 
  – Sanctions evasion via shell and ownership-layered networks 
  – AI-enabled identity fraud and deepfake-based impersonation 
  – Instant-payment–driven laundering, where funds move through multiple institutions in minutes

• Crypto-related risk intensified as digital assets are becoming further embedded into financial flows. Criminals increasingly exploited cross-chain swaps, mixers, and bridge protocols to break traceability, often combining traditional fraud with crypto-layering to create rapid hybrid typologies. With MiCA enforcement and global regulators tightening oversight, crypto exposure has become a structural risk that requires continuous monitoring and behavioural analytics across both fiat and digital rails.

• Adverse Media Screening
  Regulators including the EU Commission, FinCEN, BaFin, and OFAC reinforced that negative-news screening is now a core component of customer due diligence and ongoing monitoring. As a result, institutions are expanding adverse-media screening to continuously update customer risk profiles, embedding it as a central element of risk-based compliance.  

• Real-Time Detection & a 360-Degree View of Risk  
  With instant payments, evolving crime typologies, and rising supervisory expectations, real-time, data-driven detection has become essential to maintaining a true 360-degree view of risk across the customer lifecycle. Institutions increasingly rely on behavioural analytics, entity resolution, network insights, and contextual case intelligence to flag anomalies faster and reduce investigation delays.

• AI, Agentic, and Augmented Intelligence in Compliance  
  AI adoption accelerated significantly in 2025, with broader use of machine learning for behavioural monitoring, anomaly detection, alert triage, and investigation support. While agentic AI expanded automation possibilities, institutions continued to rely on human-in-the-loop oversight to ensure transparency, explainability, and accountable decision-making.  

• Collaboration & Convergence of Risk Domains  
  Collaboration is becoming a structural necessity in modern financial crime compliance. In 2025, institutions intensified efforts to break down internal silos and move toward integrated risk functions that align AML, sanctions, fraud, and cyber teams. Public–private partnerships and cross-institution information-sharing networks also expanded across regions, driven by regulators’ push for more intelligence-led and coordinated supervision.

2026 Outlook & How to Prepare 

2026 will mark a decisive shift from adapting to new rules to operating under full regulatory enforcement. With DORA already active, MiCA entering its final implementation phase, and AMLA ramping up its supervisory role; institutions will face tighter scrutiny and far less tolerance for compliance gaps.  

At the same time, geopolitical volatility, expanding sanctions regimes, and the growing complexity of digital assets will push compliance teams toward real-time monitoring, stronger network intelligence, and deeper AI adoption.  

To stay resilient, organizations will need integrated, data-driven risk frameworks, greater coordination across domains, and a more multidisciplinary compliance function capable of navigating fast-evolving threats.  

• Transition to Full Regulatory Enforcement  
  DORA is now fully in effect, and MiCA will reach full enforcement in 2026. AMLA supervision will also accelerate. Institutions must prepare for tighter scrutiny and zero-tolerance approach to compliance gaps.

• Escalating Sanctions Requirements  
  Intense geopolitical instability and sanctions circumvention, often aided by complex ownership structures, cross-border transfers or De-Fi channels, will drive increased regulatory focus. In early 2026, the UK will consolidate its sanctions list, and broad global sanctions tightening is expected. Institutions will need real-time screening, continuous monitoring, and network-risk analytics to keep pace.

• Growing Global Standardization and Coordination  
  FATF standards will continue to gain wider adoption, with more jurisdictions strengthening intelligence-sharing and coordinated supervision. Institutions should prepare for harmonized reporting expectations and interoperable data models.  

• Acceleration of AI & Augmented Intelligence  
  AI adoption will deepen, especially in anomaly detection, behavioural patterning, and automated workflow orchestration. At the same time, regulators will focus on AI governance, explainability, bias mitigation, and human oversight. Institutions must establish clear frameworks for AI validation, monitoring, and documentation.  

• Shifting to Real-Time Compliance & Continuous Network Intelligence  
  Compliance is expanding from monitoring individual entities and transactions to overseeing entire customer networks, transaction chains, third-party relationships, trade flows, and supply-chain structures – all in real time. Advanced case management systems, automated workflows, graph analytics, and visual intelligence tools are becoming essential to support faster, more informed decision-making.

• Crypto, Digital Assets, New Payment Ecosystem & CBDCs  
  Digital assets, instant payments, tokenized deposits, and CBDCs (Central Bank Digital Currencies) will reshape transaction ecosystems and introduce new risk vectors. Compliance teams will need to keep up with travel rule, cross-chain transfers, crypto layering, and hybrid-financial flows.

• Transformation of the Compliance Function  
  Compliance teams will evolve into more multidisciplinary units, combining financial-crime expertise with data science, analytics, AI oversight, sanctions intelligence, and cybersecurity. Upskilling remains a top priority, as institutions work to modernize processes and dismantle functional silos into a cohesive financial compliance unit.

Closing Perspective: Preparing for 2026

As 2026 approaches, the shift from checklist-driven compliance to real-time, intelligence-led risk management is no longer optional – it becomes the new operating standard. With regulators tightening enforcement, sanctions growing more complex, and financial crime accelerating across digital ecosystems, institutions must strengthen their data, workflows, and technology foundations to stay ahead.

Siron^®One helps financial institutions transition smoothly into this new era with AI-powered detection, contextual case intelligence, and fully integrated workflows that scale with evolving regulatory expectations.

Supported by IMTF’s global expertise, training, and ongoing customer success programs, compliance teams can modernize confidently while maintaining transparency, control, and human oversight.  

To dive deeper into these shifts and what they mean for you, we invite you to join our upcoming webinar “Compliance in Transition – Retrospective 2025 & Outlook 2026” 

Equip your teams with the insights they need to navigate 2026 with clarity, readiness, and resilience. Book a Siron^®One demo to see how holistic, real-time, AI-powered compliance can strengthen your organisation for the year ahead. 

Sources:

1. https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en  
2. https://eucrim.eu/news/amla-kicks-off-work  
3. https://www.ecb.europa.eu/paym/retail/instant_payments/html/instant_payments_regulation.en.html  
4. https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica  
5. https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai