Fintech industry raises concern for money laundering, with regulatory body EBA issuing a warning
The European Banking Authority (EBA) has raised concerns about the evolving fintech landscape and its ability to effectively manage Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) risks.
According to the EBA's July 2025 report, financial supervisors are particularly worried about high or rising AML/CFT risks in the fintech sector. About 70% of competent authorities reported that these risks are high or increasing, reflecting persistent vulnerabilities.
The report highlights several specific issues. Weak internal controls, poor governance, and insufficient expertise to manage AML/CFT risks effectively are prevalent among fintech firms. Some fintech providers prioritize rapid customer acquisition and growth over robust AML/CFT compliance, exacerbating vulnerabilities.
Fintech firms also face significant exposure to cybercrime risks, which criminals exploit to launder money. The use of artificial intelligence to automate schemes and forge documents is a growing concern.
Inadequate customer due diligence (CDD) and transaction monitoring procedures are a major weakness in the fintech sector. There are also concerns about outsourcing critical AML functions without effective supervisory oversight, increasing the risk of compliance gaps.
The use of regulatory technology (regtech) tools, intended to aid regulatory compliance, has also raised concerns due to improper implementation, contributing to serious compliance failures.
Moreover, fintech innovations, including crypto-assets and AI, have introduced new vulnerabilities that supervisors and institutions struggle to manage due to the pace of technological change exceeding that of regulatory developments.
The European Union has taken steps to address these concerns. A new EU Anti-Money Laundering Authority (AMLA) was created as part of an AML/CFT package published in the Official Journal of the EU on 19 June 2024. Based in Frankfurt, Germany, the AMLA will directly supervise several financial institutions in the EU.
Nicolas Vasse has been named as executive director of the AMLA, starting in September. He is a former head of operations at the European Securities and Markets Authority (ESMA) and currently a partner at IBM-owned consultancy Promontory.
The AMLA has published a 'Work Programme 2025' that includes operational priorities such as recruiting staff, developing internal governance, establishing essential IT infrastructure, preparing core functions, and building AMLA's identity and visibility.
Firms that were growing at a fast rate appeared to be particularly exposed to both issues. Sixty-four percent of CAs (Certified Auditors) highlight exposure to cybercrime as an important vulnerability.
The report underscores a disparity between the fintech sector’s rapid innovation and its ability to manage AML risks adequately, compounded by weak governance, insufficient due diligence, cybercrime exposure, and problematic outsourcing practices. These concerns form the core of financial supervisors' apprehensions about AML compliance in fintech in the EU as of July 2025.
Business leaders and financial supervisors in the European Union are expressing concern about the general-news surrounding Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) risks in the technology-driven fintech sector. As highlighted in the EBA's July 2025 report, the fintech industry faces various challenges, such as weak internal controls, insufficient expertise to manage AML/CFT risks effectively, and a prioritization of growth over AML/CFT compliance. These issues, combined with growing concerns about cybercrime, outsourcing practices, and the use of regulatory technology tools, have raised serious AML compliance concerns within the fintech sector in the EU.
