The European Union, a colossal engine of global finance, finds itself at a critical juncture in its protracted struggle against the pervasive problem of money laundering. Despite ambitious plans and a history of regulatory evolution, the bloc’s effectiveness in stemming the tide of illicit funds flowing through its sophisticated financial arteries remains a significant concern. Estimates of the annual volume of dirty money processed within the EU’s banking and financial services industry vary dramatically, with figures ranging from a conservative €117 billion to a staggering €750 billion. This wide discrepancy underscores the immense scale and opacity of the challenge, but the sheer magnitude of the EU’s financial markets inherently positions it as a prime conduit for criminal proceeds.
Evidence strongly suggests that a substantial proportion of criminal networks operating within the bloc leverage the single market’s financial infrastructure for their illicit activities. Approximately 70 percent of these networks reportedly utilize the EU’s financial system to launder their ill-gotten gains, with a similarly high percentage, around 80 percent, employing legitimate business structures to facilitate the movement of these funds. This alarming statistic points not only to systemic failures within the financial services sector in identifying, preventing, or reporting suspected money laundering but also to a broader lapse in preventative measures across other professional spheres, including accounting firms, tax advisory services, and law firms. Compounding this issue, law enforcement agencies tasked with combating money laundering are experiencing considerable difficulties. Data from EUROJUST, the EU’s Agency for Criminal Justice Cooperation, indicates that, on average, only a meager two percent of assets derived from organized crime are successfully confiscated annually, despite a concerning 15 percent surge in the number of cases.
In an effort to fundamentally alter this trajectory, the EU has established the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). Formally launched in July of this year, AMLA is poised to play a pivotal role in harmonizing and coordinating anti-money laundering (AML) efforts across the 27 member states. While direct supervision by AMLA will not commence until January 1, 2028, its mandate is clear: to ensure the robust implementation of EU AML rules and to foster enhanced cooperation among the national Financial Intelligence Units (FIUs). The agency is also designated to directly oversee the EU’s highest-risk financial institutions, particularly those with significant cross-border exposures, and to exercise indirect supervision across both the financial and non-financial sectors. To facilitate its operations, AMLA has already forged Memorandums of Understanding with key European supervisory bodies, including the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Central Bank (ECB).
Despite the high hopes vested in AMLA as a unifying force capable of overcoming the historical fragmentation of national oversight that has allowed numerous high-profile and damaging money laundering scandals to slip through the net, the agency faces its own set of formidable challenges. Its broad remit is not matched by its current budgetary provisions. With a funding allocation of €119 million designated for the period between 2024 and the end of 2027, AMLA’s operational budget, starting in 2028, is projected to be €92 million annually. This funding will be primarily derived from fees, estimated at €65 million for 2028, supplemented by €27 million from the EU budget. By the time it becomes fully operational, AMLA is expected to employ 430 staff members. However, the significant delay before it can commence direct supervision, over two years away, means that substantial volumes of illicit funds are likely to continue permeating the EU’s financial system. Furthermore, concerns about leadership continuity loom, as the initial executive board will serve for only one year upon the agency’s activation in 2028.
The European Union’s historical performance in combating money laundering is, at best, mixed. Over more than three decades, the bloc has enacted six directives aimed at mitigating money laundering and terrorist financing risks. The most recent three of these were introduced within the past decade, spurred by a series of high-profile scandals that came to light around 2017 and 2018, implicating major financial institutions such as Danske Bank, Latvia’s ABLV Bank, Estonia’s Versobank, ABN Amro, and Commerzbank, among others. In response to these ongoing threats, the EU finalized its comprehensive "AML Package" last year, introducing a suite of new rules designed to counter ML/CTF risks. This package includes the Regulation on Money Transfer Information, which governs the data accompanying fund transfers and certain cryptocurrencies, the AML Regulation, and the sixth AML Directive. Both the Regulation and the Directive are slated to take effect in July 2027, with the Regulation applying directly across the EU and the Directive requiring transposition into national legal frameworks by member states. Crucially, this package also legislated for the establishment of AMLA, which commenced operations this past July.
Despite this legislative drive, the EU continues to grapple with effectively controlling the problem. A study released in March by Nasdaq Verafin, a financial crime technology software firm, estimated that illicit funds amounting to $750 billion flowed through the EU’s financial system in 2023 alone. This figure represents a quarter of the global total and is equivalent to 2.3 percent of Europe’s Gross Domestic Product (GDP). While AMLA’s creation signifies a proactive step towards a unified European strategy against financial crime, its ultimate efficacy will be determined by its implementation. The agency’s core objectives—harmonizing regulations, bolstering cooperation, supervising high-risk cross-border institutions, and addressing emerging threats like cryptocurrencies—directly target the fragmentation and intelligence gaps that criminals have exploited for years. However, these ambitious aims are fraught with significant challenges.
The non-financial sector, for instance, largely remains outside AMLA’s direct supervisory purview. Moreover, complex geopolitical factors, such as sanctions evasion, add layers of difficulty. Harmonizing disparate national approaches across 27 member states, directly overseeing critical entities, coordinating the efforts of numerous FIUs, and developing sophisticated IT and data systems are inherently complex and resource-intensive undertakings, demanding a level of expertise, personnel, and budgetary resources that AMLA is still in the process of acquiring. Many observers believe that a major hurdle for AMLA will be attracting and retaining experienced talent, given the fierce competition for skilled professionals within the financial crime compliance sector. Compounding these concerns, the 2028 operational start date for full supervisory powers may provide criminal organizations with ample opportunity to redirect illicit funds towards less regulated sectors, such as real estate, which fall outside AMLA’s immediate jurisdiction. There is also a prevailing sentiment that AMLA’s authority may be more influenced by political will in Brussels than by codified legal frameworks.
"AMLA presents a powerful deterrent on paper, but its true test will emerge when it initiates investigations into a national champion bank," observes Willem Wellingoff, Chief Compliance Officer at payments platform Ecommpay. "The critical question is whether member states will provide their full support, or if national interests will lead them to shield their domestic institutions." Fundamentally, the ability to prevent money laundering within the financial sector hinges on the commitment and capability of financial services firms themselves to actively combat the problem, rather than merely adhering to superficial compliance with existing regulations. According to Wellingoff, current delays in reporting and the functional separation of fraud and AML departments within financial institutions continue to grant criminals a strategic advantage.
These existing vulnerabilities are likely to be amplified by the rapid expansion of the fintech, regtech, and cryptocurrency sectors, an environment where innovation often outpaces regulatory governance. The European Banking Authority (EBA) has expressed concerns that money laundering and terrorist financing risks may be escalating due to current weaknesses in controls and compliance among these newer market entrants. These apprehensions are exacerbated by the often inconsistent, unclear, and uneven effectiveness of the risk-based approaches employed by financial regulators across the EU in overseeing these firms.
The EBA has been issuing opinions on money laundering and terrorist financing (ML/TF) risks biannually since 2017. In its most recent assessment in July, the EBA highlighted that the sector’s relentless pursuit of innovation and growth may be outpacing its capacity for effective risk management. The authority pointed to the "unthinking" adoption of regtech solutions intended to enhance AML compliance, coupled with the "spill-over risks" arising from increased interconnectedness between traditional financial service providers and the influx of innovative players like cryptocurrency firms, as particular areas of concern. The EBA’s findings indicate that as fintech products and services gain wider acceptance, many providers are prioritizing expansion over robust compliance. Alex Clements, Global Head of AML, CFT, and Sanctions at payment technology firm TransferMate, notes that numerous fintech, regtech, and crypto firms often prioritize rapid customer onboarding at the expense of rigorous "Know Your Customer" (KYC) controls, thereby creating exploitable gaps for criminals. "Once integrated into the system, criminals exploit digital wallets, virtual IBANs, and instant cross-border payment schemes to layer and move funds in ways that significantly complicate the tracing of illicit assets," Clements explains. "Simultaneously, the proliferation of privacy coins and decentralized finance platforms obscures the verification of fund sources by offering anonymity that can shield illegal financial flows."
The staffing levels dedicated to overseeing ML/TF risks are frequently inadequate, and the personnel often lack the requisite specialized training. Furthermore, a significant majority of surveyed regulators—52 percent—believe that fintech institutions do not possess a sufficient understanding of the risks associated with their products and services. The EBA also identified several other key areas of concern, including the sector’s over-reliance on third-party providers, heightened exposure to cybercrime, ineffective customer due diligence processes, and the substantial risks inherent in cross-border transactions. The EBA’s report also flagged worrying trends such as "white-labeling," where fintech companies provide the underlying infrastructure for financial services firms to market products under their own brands. This practice, the EBA warned, may lack adequate oversight, as regulators have assessed its risk as low without fully comprehending its widespread adoption. Regarding regtech, the EBA acknowledged its significant benefits in combating financial crime but cautioned that money laundering risks have escalated due to insufficient testing, improper usage, or inadequate implementation of these solutions, partly stemming from a lack of in-house expertise. The EBA also raised concerns about financial institutions’ heavy dependence on a limited number of regtech solutions, creating a systemic risk where vulnerabilities in one product could impact a multitude of firms.
The United Kingdom has persistently struggled to divest itself of its reputation as a major global conduit for illicit funds, despite possessing robust anti-money laundering legislation and a range of sanctions designed to penalize offenders. An estimated 40 percent of the world’s total volume of dirty money reportedly flows through the UK’s financial system. However, experts contend that progress in tackling this issue is hindered by the UK’s reliance on a multiplicity of under-resourced and ill-equipped regulatory and enforcement bodies. Anti-money laundering monitoring falls under the purview of 25 different entities, coordinated by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), a division within the Financial Conduct Authority (FCA). Since OPBAS’s inception in 2018, the effectiveness of this fragmented oversight system has been repeatedly questioned. "If one were to design an AML supervision system from scratch, it is unlikely that the current regime would be the outcome," comments Colette Best, Director of Anti-Money Laundering in the Legal Services Regulatory Team at law firm Kingsley Napley. In September 2024, OPBAS identified weaknesses in how the 25 supervisors exercised their enforcement powers to oversee their members, and alarmingly, found that none were "fully effective in all areas" of anti-money laundering measures.
The OPBAS report also indicated a decline in the number and value of fines issued compared to the previous year, and characterized the proactive sharing of information and intelligence with regulators and law enforcement as "inconsistent." Following a two-year consultation aimed at reforming AML supervision, the UK government announced in October 2025 its intention to establish a Single Professional Services Supervisor (SPSS). Under this reform, the FCA will assume direct responsibility for ensuring that accountancy and legal firms comply with anti-money laundering rules, shifting this oversight away from their respective professional bodies. However, the precise timeline for these changes and their practical implementation remain unclear. Prosecuting AML cases in the UK has also historically been a protracted process. In the decade leading up to December 2021, the FCA initiated only 23 criminal cases against individuals and corporations for failing to report suspicious money laundering-related activities. A significant factor hindering the UK’s efforts is a strategy that encourages a vast volume of reports, many of which are false positives. Approximately 900,000 such reports are generated annually, but resource constraints prevent a substantial portion from being meaningfully investigated. The cost of AML compliance is also considerable, prompting larger institutions to rely on automated systems that do not always function as intended.
Risks associated with money laundering and terrorist financing remain elevated within the cryptocurrency sector, partly fueled by a surge in transaction volumes and a 2.5-fold increase in the number of authorized crypto asset service providers in the EU between 2022 and 2024. However, a more fundamental issue is that many crypto firms continue to operate with a disregard for compliance, characterized by senior management’s lack of commitment, inadequate internal controls and governance, and a deliberate attempt to circumvent regulations under the belief that they do not apply to them.
Marit Rødevand, CEO of AML tech company Strise, attributes the sector’s failure to address these issues to a combination of cultural and structural factors. "Growth and speed to market are prioritized by developers, leaving compliance as an afterthought," she states. "In the crypto space, there’s an added reluctance to act until regulators mandate it. This results in a cycle of under-resourced compliance, insufficient controls, and firms playing catch-up rather than leading proactively." Research from the UK’s professional accounting body, ACCA, supports these observations, finding that fintech and regtech firms acknowledge that internal mechanisms often fail to translate into tangible actions, creating a persistent misalignment between written policies and actual practices—a scenario ripe for exploitation by fraudsters.
Artificial Intelligence (AI) is also exacerbating cybercrime, fraud, and money laundering risks. A 2024 report by security tech firm Signicat revealed that a staggering 42.5 percent of fraud attempts in financial services are now AI-driven. The report indicates that criminals are leveraging AI for money laundering to automate financial schemes, obfuscate the sources of funds, and make high-risk transactions more difficult to detect. Furthermore, AI can be employed to generate fraudulent documents, simulate legitimate operations, and bypass customer due diligence measures through sophisticated deep-fakes.
The recent history of enforcement actions against a number of new entrants, cryptocurrency, and fintech firms does little to assuage fears that financial crime will continue its upward trajectory, even as regulators across Europe intensify their monitoring and enforcement efforts. In 2023, Lithuania revoked the license of PayRNet, the European payments unit of banking platform Railsr, citing "gross, systematic, and multiple violations" of money laundering and terrorist financing laws. In May 2024, Germany’s financial regulator, BaFin, fined online bank N26 €9.2 million for its delayed filing of suspected money laundering reports. In July 2024, the UK Financial Conduct Authority (FCA) imposed a £3.5 million fine on CB Payments, part of crypto-asset trading platform Coinbase, for onboarding and/or providing e-money services to 13,416 high-risk customers. The previous year, Coinbase had agreed to a $100 million settlement with New York’s Department of Financial Services (DFS) over AML failings. In April 2025, Lithuania’s central bank fined British fintech firm Revolut €3.5 million for AML deficiencies.
Nick Henderson-Mayo, Head of Compliance at VinciWorks, a provider of compliance eLearning and software, asserts that AML compliance is "butting against" the AI-enabled technological revolution. "Fintechs compress onboarding into minutes, regtech tools often operate as ‘checkbox tech’ rather than embedded risk management, and crypto still enables anonymous, borderless value transfer," he notes. Henderson-Mayo adds that nearly 40 percent of illicit crypto transactions originate from sanctioned jurisdictions and entities. "Oligarchs leverage their speed, liquidity, and borderless nature to slip past traditional compliance checkpoints. It is akin to watching a river of money disappear underground. When it resurfaces, one can never be certain whose hands it has passed through."
Experts believe that the AML compliance efforts of fintech firms are hampered by a shortage of skilled personnel, compounded by a lack of specific regulatory requirements regarding the necessary skills for individuals in AML roles. Other factors may also contribute to ineffective AML monitoring. For example, many firms operate without full licenses, instead utilizing agents or distributors who are empowered to conclude contracts and onboard clients without adequate oversight from a sufficiently skilled money laundering reporting officer. Criminals also routinely appoint nominees, known as "money mules," to conduct transactions on their behalf, thereby evading scrutiny. Additionally, while AML detection technologies offer valuable insights, they require extensive integration to feed sufficient data into the systems, and by the time they are fully embedded, they may already be outdated.
While the EU has identified key areas of concern in its pursuit of curbing money laundering, the effectiveness of the measures it is implementing remains to be seen. A confluence of factors will be critical for success. In the absence of more robust, effective, and closely coordinated approaches from regulators to monitor financial activity, the ultimate responsibility for halting the flow of illicit money rests with the willingness and preparedness of industry players to bear the costs of compliance, rather than prioritizing client acquisition and new opportunities. Thus far, the allure of financial gain has demonstrably outweighed the expenditure required for comprehensive compliance.
