The global AML/CTF landscape remains active with enforcement, legislative updates, and supervisory pressureacross multiple jurisdictions. Here’s what’s most relevant right now – and what it means for compliance operations.

Australia – External AML Audit Ordered

Australia’s financial intelligence regulator has mandated an external AML/CTF compliance audit of a large payments entity, a rarely used supervisory tool triggered by concerns over controls such as:

• transaction monitoring adequacy
• customer due diligence
• risk assessment frameworks This audit must be completed within 180 days and could lead to enforcement if significant gaps are found.

Why this is important: Regulators are moving beyond desk reviews – they’re forcing independent verification of AML programs, not just self-certification.

Practical point: Prepare for similar deep dives — especially if growing rapidly or expanding products/corridors.

Cyprus – AML Weaknesses Draw Significant Penalties

Cyprus’ financial regulator (CySEC) has imposed administrative fines totalling €2.3 million on supervised entities for failures including:

• weak customer due diligence
• gaps in transaction monitoring
• insufficient internal controls The regulator has stated it will increase supervisory intensity going forward.

Why this matters: Europe’s smaller markets are tightening oversight, and penalties often come with enhanced supervision commitments.

Practical point: Strong CDD and monitoring frameworks must be demonstrably robust — not just documented.

Taiwan – Legislative Strengthening of Counter-Terrorism Financing

Taiwan’s Cabinet approved amendments expanding the Counter-Terrorism Financing Act, including broader definitions of prohibited conduct and enhanced obligations for financial institutions and designated non-financial businesses to monitor, identify, and report suspicious activities linked to terrorism and weapons proliferation financing.

Why this matters: This aligns Taiwan more closely with FATF’s evolving terrorism financing standards and broadens prosecutorial reach.

Practical point: Systems and manuals should be updated promptly to reflect changes in risk definitions and reporting expectations.

Malaysia – High-Profile Money Laundering Charges

Malaysia has filed money laundering charges against a former senior national figure in connection with a defence procurement scandal, alleging proceeds were concealed via multiple accounts and assets.

Why this matters: High-profile cases highlight that AML frameworks are not just systemic compliance matters – they tie directly to enforcement of national corruption and fraud laws.

Practical point: AML teams should ensure alignment with broader economic crime enforcement triggers, not just financial thresholds.

India – Enhanced Crypto KYC/AML Requirements

India’s Financial Intelligence Unit has upgraded AML/KYC expectations for crypto platforms, including:

• live selfie biometrics
• geolocation checks
• expanded identity documentation
• improved transaction monitoring and audit trails This strengthens oversight of digital asset flows under the Prevention of Money Laundering Act (PMLA).

Why this matters: India is integrating crypto AML into mainstream compliance, not treating it separately.

Practical point: Crypto & VASP compliance must meet traditional AML rigor, not just tech-centric standards.

Spain & Nordic AML Penalties

Earlier this month, regulators in:

• Spain – imposed a €30m AML fine highlighting weaknesses in CDD, ongoing monitoring, and handling of complex corporate clients
• Denmark – imposed a €50m penalty for repeated AML compliance failures including customer due diligence and monitoring

These actions reflect continued emphasis on tried-and-true control areas (CDD/monitoring/governance).

Cross-Border Sanctions Developments

Sanctions watchlists continue to evolve with weekly reports showing frequent updates by major regulators (e.g., OFAC, EU, UK) – underscoring the importance of up-to-date screening and sanctions intelligence sourcing.

Practical point: Dynamic sanctions lists not only change names – they evolve definitions and licensing parameters that impact screening logic and blocking rules.

Global Enforcement Trends – What’s Shifting?

Across jurisdictions, common themes are emerging:

✅ Supervisory pressure is increasing – external audits and stronger investigative powers are being used, not just fines.

✅ Persistent control weaknesses get enforced — CDD, ongoing monitoring, escalation governance remain enforcement focal points.

✅ Digital assets are no longer an outlier — AML/KYC expectations for crypto are matching traditional finance standards.

✅ Legislative updates expand risk definitions — particularly in terrorism and proliferation financing.

Key Takeaway

Regulators now expect AML programs to be not only documented but operationally effective and testable. Having a policy isn’t enough – you must evidence that controls, monitoring, and escalation truly function as designed across real risk scenarios.