EBA's 2025 Opinion on Compliance Tech Risks

A careless use of innovative compliance products can lead to money laundering and terrorism financing risks, the EBA says in its Opinion

The European Banking Authority (EBA) has issued its 2025 Opinion on money laundering and terrorist financing (ML/TF) risks affecting the EU's financial sector. This year marks a significant change in the ML/TF risk landscape, influenced by geopolitical developments, legislative reforms, and digitalisation. New vulnerabilities are emerging, and the consistent application of the new EU legal framework is crucial in addressing these risks. Enhanced supervisory engagement has equipped some sectors better to tackle financial crime.

Key Observations

FinTech: 70% of competent authorities report high or rising ML/TF risks in the financial sector, pointing to weak AML/CFT controls and poor governance, as firms prioritize growth over compliance.

RegTech: Over half of serious compliance failures reported to the EBA's EuReCA database involved the improper use of RegTech tools. Despite its potential to enhance compliance, RegTech is often poorly implemented due to lack of expertise and oversight.

Crypto Assets: This remains a high-risk sector, with a 2.5-fold increase in authorized crypto-asset service providers (CASPs) between 2022 and 2024. Many CASPs lack effective AML/CFT systems, and some attempt to bypass regulatory oversight.

Fraud and AI: Criminals are increasingly using AI to automate laundering schemes, forge documents, and evade detection. Financial institutions struggle to keep pace with these sophisticated threats, highlighting the need for responsible AI use and robust monitoring.

Restrictive Measures: The complexity of EU sanctions regimes poses compliance challenges. Institutions often lack adequate systems to implement sanctions effectively. The EBA's new Guidelines, applicable from end-2025, aim to harmonize standards across the EU.

Legal Basis

The Opinion has been issued in accordance with Article 6(5) of (EU) 2015/849 (The Fourth EU Anti-Money Laundering Directive), which requires the EBA to issue an Opinion on ML/TF risks affecting the EU's financial sector every two years. The Opinion and its related report inform the European Commission's Supranational Risk Assessment (SNRA), as well as the risk assessments carried out by competent authorities and the EBA's policies and priorities.

Quelques pistes pour l'intégration opérationnelle dans votre dispositif :

• Évaluer et renforcer les contrôles AML/CFT existants pour les nouvelles technologies.
• Former le personnel sur l'utilisation responsable de l'IA et des outils RegTech.
• Mettre à jour les systèmes pour se conformer aux nouvelles directives de l'UE sur les sanctions.
• Surveiller en permanence les risques émergents liés aux crypto-actifs.
• Collaborer avec les autorités pour améliorer la gouvernance et la conformité.