EBA ¦ AML/CFT Newsletter - Issue 16

Key Updates from EBA Newsletter Issue 16 – 2025

Overview of key developments and supervisory priorities

The European Banking Authority’s AML/CFT Newsletter Issue 16 (2025) highlights supervisory trends, risk drivers and practical expectations for obliged entities and competent authorities across the EU. The Newsletter reiterates that effective risk-based approaches, governance and cooperation remain central to the EU’s framework as Member States implement the AML/CFT Package and the AML Authority (AMLA) continues to mature. Observed weaknesses in customer due diligence (CDD), transaction monitoring and beneficial ownership verification are drawing continued supervisory focus, alongside evolving threats from virtual assets, trade-based money laundering and misuse of legal persons and arrangements.

Governance, risk assessment and internal controls

Supervisors report recurring governance failures including unclear allocation of AML responsibilities at board and senior management level, deficiencies in independent AML compliance functions, and inadequate resourcing. The Newsletter emphasizes that documented, entity-wide risk assessments must be living instruments that meaningfully inform policies, procedures and transaction screening scenarios. Management information and reporting lines should provide senior managers and boards with timely, actionable metrics on exposure to specific ML/TF typologies and the effectiveness of controls.

Customer due diligence and beneficial ownership

EBA’s findings underline persistent shortcomings in CDD, especially for higher-risk customers and relationships introduced by intermediaries. Firms are urged to apply enhanced due diligence where risks are elevated and to ensure that beneficial ownership information is verified, accurate and updated throughout the business relationship. Supervisory case studies show failures where firms relied on unreliable source documents or did not escalate inconsistent ownership information, enabling misuse of corporate structures to conceal illicit funds.

Bastian Schwind-Wagner _Follow "The EBA’s Newsletter Issue 16/2025 underscores that persistent governance and CDD weaknesses, combined with sophisticated emerging typologies such as virtual assets and trade-based laundering, require urgent, evidence-based remediation and stronger cross-border supervisory cooperation."

Transaction monitoring, technology and human oversight

The Newsletter notes that while many firms have invested in analytics and automation for transaction monitoring, model design, parameterisation and governance often lag behind. False positives remain high where models are not calibrated to true risk profiles, and alerts lack sufficient contextual data for meaningful investigation. Supervisors expect firms to document model validation, governance of third-party solutions and to ensure adequate human expertise to interpret automated outputs and author decisions, particularly for complex typologies such as trade-based money laundering and cross-border correspondent banking.

Virtual assets and emerging threats

Virtual asset service providers and financial institutions engaging with crypto-related activities are highlighted for intensified supervisory attention. The EBA outlines typologies involving layering through decentralised exchanges, mixing services and stablecoins, as well as the exploitation of privacy-enhancing tools. Firms are expected to map out their exposure, maintain up-to-date risk assessments, and apply appropriate CDD and transaction monitoring tailored to the specific risks posed by virtual assets.

Cross-border cooperation and information sharing

The Newsletter stresses the importance of timely cooperation between supervisors and financial intelligence units (FIUs), and between national competent authorities, to tackle complex, cross-border ML/TF schemes. It encourages improved mechanisms for information exchange, joint supervisory actions and harmonised approaches to risk classification to prevent regulatory arbitrage. The EBA also points to benefits from public-private partnerships and enhanced feedback loops from law enforcement to improve typology awareness within the private sector.

Enforcement, remediation and resource allocation

Supervisory feedback shows an increasing use of targeted enforcement actions where serious controls fail, alongside requirements for remediation plans and independent reviews. Firms are reminded that remediation should be evidence-based, time-bound and subject to testing. Competent authorities are also advised to prioritise scarce supervisory resources to high-risk sectors and entities, applying proportionality but maintaining rigorous oversight on systemically important firms.

Implications for legal and compliance teams

Legal and compliance functions must translate supervisory expectations into practical, documented changes across policies, training, onboarding and monitoring. This includes clear escalation paths for suspicious activity reports, strengthened vendor oversight for third-party AML solutions, and ongoing scenario-based training to equip investigators for emerging typologies. Boards must be provided with clear, concise MI that demonstrates control effectiveness and residual risk.

Close coordination with the evolving AMLA framework

With AMLA progressively operationalising parts of the EU AML architecture, the Newsletter encourages firms and national authorities to anticipate further harmonisation of supervisory practice and to engage proactively with consultation processes. The transition to more centralised elements of supervision will require robust data collection and interoperable systems to support cross-border oversight.

Dive deeper

• EBA ¦ AML/CFT Newsletter - Issue 16 ¦ Link