Terrorist Financing (“ML”/“TF”) risks, published on 28 July 2025, highlighting the evolving threats facing the EU’s financial sector. Drawing on data from 2022 to 2024, the EBA identifies critical vulnerabilities in FinTech, RegTech, crypto assets and fraud, urging financial institutions and regulators to strengthen anti-money laundering and counter-terrorist financing (“AML”/“CTF”) frameworks. The report underscores the need for robust controls, effective supervision, and proactive risk management to address the increasingly complex ML/TF landscape.
Key Money Laundering and Terrorist Financing Risks
- FinTech: Growth Outpacing Compliance
The rapid expansion of FinTech firms has driven innovation but introduced significant ML/TF risks. According to the EBA, 70% of competent authorities report high or increasing risks in this sector, driven by inadequate customer due diligence (CDD), exposure to cybercrime, and weak oversight of outsourced services.
The EBA notes that many FinTech firms prioritise customer acquisition over compliance, with 69% of authorities citing insufficient AML/CTF controls. This gap is particularly concerning as traditional institutions acquire FinTech firms, potentially spreading vulnerabilities across sectors.
- RegTech: Risks from Poor Implementation
RegTech solutions promise streamlined compliance, but their misuse can create vulnerabilities. Over half of the EBA’s EuReCA database submissions indicate compliance failures linked to improper RegTech use, particularly in credit and payment institutions.
Key issues include inadequate in-house expertise, poor governance and reliance on generic “off-the-shelf” solutions that are not fit for purpose. The EBA stresses the need for responsible RegTech deployment, supported by robust oversight and staff training.
- Crypto Assets: Persistent High Risks
The crypto asset sector remains a key concern, with a 2.5-fold increase in authorised Crypto Asset Service Providers (‘CASPs’) between 2022 and 2024. Despite the new EU crypto framework (‘MiCA’), some CASPs have bypassed licensing processes, evading AML/CFT supervision.
The EBA highlights deficiencies in AML/CTF systems, with 53% of authorities noting a lack of understanding of ML/TF risks and 43% pointing to inadequate customer identity verification. Links with other financial sectors, such as e-money and payment institutions, further amplify these risks.
- Fraud and AI-Driven Cybercrime
The rise of AI-powered fraud schemes has outpaced many institutions’ defensive capabilities. Criminals use AI to automate money laundering, generate false documents, and bypass CDD measures through deepfake technologies.
The EBA’s findings show that financial institutions struggle to detect these sophisticated attacks, which are increasing in both volume and velocity. The report calls for advanced technologies, real-time monitoring, and specialised expertise to counter these threats.
Compliance Challenges
Many institutions lack adequate screening systems, particularly for SEPA instant credit transfers and card payments, risking inadvertent breaches. The EBA’s forthcoming guidelines, effective from late 2025, aim to standardise compliance with restrictive measures, but institutions must act swiftly to align policies and procedures.
Key Failures and Deficiencies
The EBA identifies common shortcomings across sectors, including:
- Inadequate CDD measures (61% of breaches);
- Weak transaction monitoring; and
- Insufficient staff training.
The crypto and payment sectors, particularly newly authorised entities, exhibit the highest residual risks due to poor AML/CTF controls. Additionally, the unthinking use of RegTech and reliance on a few providers heighten systemic vulnerabilities.
The EBA also notes that terrorist financing risks remain under-addressed, with some institutions overly reliant on sanctions screening rather than conducting robust TF risk assessments.
From a regulatory perspective, Directive (EU) 2015/849 and the forthcoming AML Regulation (‘AMLR’) mandate risk-based AML/CTF supervision and effective controls. Failures in governance, risk assessment, and timely reporting have led to significant supervisory actions, with competent authorities increasing targeted inspections to address these gaps.
Regulatory Implications and Compliance Lessons
Key takeaways from the EBA’s Opinion include:
- Institutions must enhance CDD processes and implement real-time monitoring to detect suspicious activities.
- RegTech and AI solutions require proper testing, oversight, and customisation to ensure effectiveness.
- Regular training on ML/TF risks, including TF-specific measures, is essential to address human error and improve compliance.
- Institutions need advanced screening tools and policies to comply with complex sanctions regimes.
As Money Laundering and Terrorist Financing threats evolve, institutions must adopt proactive measures, integrating advanced technologies, robust governance, and comprehensive training. The positive trend of declining tax crime and unwarranted de-risking shows progress, but persistent vulnerabilities in FinTech, crypto, and fraud demand urgent action.
How Complyport Can Help
Complyport offers tailored solutions to strengthen AML/CTF and CPF frameworks, supporting organisations in meeting EBA, EU and UK regulatory expectations. Our services include:
- AML Risk Assessments and Gap Analyses
- CDD and Transaction Monitoring Systems review
- Policy Development
- Due Diligence support and assurance reviews
- Staff Training on ML/TF/PF risks and compliance
- Senior Management and Executive training on ML/TF/PF risks
- Regulatory Compliance Support on AMLR, MiCA, EBA Guidelines, PSD2 and UK regulatory framework
Book a Meeting with a Complyport SME
To learn how to enhance your organisation’s AML/CTF/CPF strategies and ensure compliance with regulatory expectations, book a consultation with a Complyport Subject Matter Expert today.