Get your tailored guide
Which compliance trend(s) are you interested in?
1
The cost of compliance
Cybercrime
Emerging risks - Crypto & GenAI
Organized crime
Fraud and scams
Sign-up to receive the full report
Your report
The cost of compliance
Download the full report
Go to next question
Go to last question
Go to results
Question 1/4
What does this mean for me?
Pay close attention to the fluid economic, regulatory, and risk environment that will persist through 2025 and beyond. There is little stability in any of these spheres, and developments in any of the three could combine to amplify negative effects.
In this varied environment, look for compliance tools that are agile and flexible. These tools should provide robust risk data with the potential for wide functionality and integration.
Consider carefully selecting vendors and partners, especially regarding high-priority criteria such as effective information security. Engage vendors and internal stakeholders early on these questions (e.g., during the RFP) to ensure your internal requirements can be met before too much time is invested in testing a platform your organization won’t support.
2024 brought a mixed economic outlook, with the UN Conference on Trade and Development forecasting global growth at 3 percent – an improvement from 2.2 percent in 2023 but still below pre-pandemic levels. McKinsey’s Global Banking Annual Review notes that while 2022 and 2023 were strong years for financial services, concerns persist about the sector’s long-term value, driven by reliance on high interest rates and rising regulatory and technology costs.
REGULATORY THEMES
4
Which regulatory themes would you like to learn more about?
Public-private partnerships
Beneficial ownership
Real-time payments
Artificial intelligence
Question 4/4
Download the full report
Environmental crime: The illegal trade in wildlife and resources, such as gold and avocados, has surged. In South America, OCGs have expanded into illegal mining, causing severe environmental degradation and exploiting local populations.
Weapons trafficking: The black market for arms is thriving, particularly in conflict zones. The ongoing conflict in Ukraine has escalated the illegal trade in advanced weaponry, creating security risks worldwide.
Several key areas highlighted the growing influence of organized crime groups (OCGs) in 2024, including:
Drug trafficking: The global drug market remains robust despite significant law enforcement victories, including the interception of large cocaine shipments and arrests of cartel leaders. Synthetic opioids have seen a rise in use, contributing to increased violence along trafficking routes.
Human trafficking: OCGs continued to exploit vulnerable individuals for forced labor and illegal migration. Tactics have evolved, with traffickers using deceptive job offers and visa schemes to lure victims. Conflicts in regions like Ukraine and Gaza have intensified these issues.
Organized crime has emerged as a dominant force in global criminality, driven by globalization, the internet, and advances in communication technologies. In December 2023, the UN Security Council underscored the need for enhanced intelligence on criminal markets and cooperative strategies to combat these threats.
Organized crime
What does this mean for me?
Organized crime is undoubtedly the major global driver of economic and financial crimes. Tackling it should be the fundamental goal not just of law enforcement agencies but also of businesses potentially exposed to its activities, especially the regulated financial sector.
Your team’s approach should go beyond tick-box compliance to thinking in detail about your company’s potential exposure to particular types of crime and crime typologies. Policies, procedures, and controls need to be agile, flexible, and open to recalibration.
Technology will play a major role in helping generate insights about potential OCG exposure, especially by leveraging integrated platforms and comprehensive risk data sets.
Question 2/4
Go to next question
Go to last question
China
North Korea
The Middle East
Russia & Ukraine
Which geopolitical hotspots are you focused on?
2
Question 3/4
Go to next question
Go to last question
Asia-Pacific
Europe
North America
Which region(s) are you most focused on for AML regulatory compliance?
3
What does this mean for me?
The scale, growth, and evolution of financial fraud remain a poisonous problem, especially if you work in a company exposed to e-commerce and with customer bases vulnerable to APP fraud. The best course of action is to advocate for investments in appropriate technologies that can adapt to detect and prevent new trends in fraudulent behavior at an early stage.
What does this mean for me?
The ongoing importance of cybercrime suggests that your team should look closely at its potential exposure to illicit online markets and the cyber security measures you have in place to protect your company and its customers. There is a justifable concern that, in too many cases, firms are leaving their doors ajar for hackers.
What does this mean for me?
If your firm is involved in or exposed to crypto, it's crucial to recognize its potential for criminal exploitation. As crypto's use in financial crimes like fraud, money laundering, and illegal betting increases, it’s important not to dismiss these risks as mere regulatory overreaction. Ensure that your business deploys effective AML/CFT measures, including robust due diligence, monitoring, and screening protocols. This will help protect not only your firm’s operations but also its long-term reputation.
Regarding GenAI, while we are at an early stage, the risks of AI-driven fraud, deepfakes, and fake identities will increase as the technology improves. As such, businesses should remain vigilant, particularly in customer identity verification (ID&V). Increasing awareness about the potential misuse of AI tools is essential, and implementing financial crime controls to support ID&V systems is necessary. However, it’s equally important to keep a close watch on how GenAI evolves in the coming years and to adapt your strategies accordingly.
What does this mean for me?
With the war continuing into 2025, sanctions on Russia will remain in place. Your firm should ensure its sanctions monitoring systems are up to date and responsive to new measures. As Western governments will face pressure to demonstrate the effectiveness of sanctions, compliance will be a priority, and enforcement actions could intensify. Russia will also seek ways to evade sanctions through third-party nations and FinTech, so businesses in payment services and crypto-asset sectors must stay vigilant to mitigate risks.
What does this mean for me?
If you work for a payment service provider (PSP) involved with Middle Eastern or East Asian markets, review your exposure to Iran and its partners. Ensure robust customer due diligence, transaction monitoring, and sanctions screening. Special attention should be given to potential sanctions evasion and trade-based money laundering risks. Flexible and agile risk management systems are crucial in adapting to evolving threats.
What does this mean for me?
You can expect little change in UN, US, or Western sanctions against North Korea in 2025. However, jurisdictions with less extensive sanctions may increase measures to match the US’s. It’s crucial to continue best practices in name and transaction screening, using platforms with up-to-date risk data. Be alert to risks of North Korean sanctions evasion through third countries and conduct thorough due diligence on high-risk clients, such as small- and medium-sized import/export firms.
What does this mean for me?
If your firm operates in the Asia-Pacific region, expect ongoing US sanctions and export controls against Chinese businesses, particularly in advanced technology sectors.�Be prepared for the US to designate additional Chinese financial institutions over systemic violations of Russia sanctions and for European allies to expand their restrictive measures to align with the US approach. As Chinese sanctions also evolve, companies may face conflicts of interest between Western and Eastern business interests. To manage these risks, ensure access to real-time risk data and name-screening platforms and evaluate the potential risks from relationships with Chinese financial institutions.
What does this mean for me?
A number of new firms are being brought into the scope of AML/CFT requirements in North America. Your team will need to ensure that your organization is able first to determine whether they are covered by a regulation, and then able to build out AML/CFT programs to comply with those requirements. This includes having documented programs in place and introducing relevant technology to support the processing of customers and transactions, depending on how many customers you have.
You should explore using both technology and outside technical expertise to document programs and carry out remediation on existing clients. 64 percent of senior financial crime decision makers we surveyed indicated that if they were starting from scratch, they would use either a single SaaS platform for customer or transaction screening and monitoring or a modular SaaS platform that allows for different modules to be turned on over time, both with data included.
What does this mean for me?
If your firm operates in Europe, stay updated on AML regulations and adjust your policies accordingly. Assess the impact of these changes and incorporate them into your AML/CFT programs. Ensure transaction filtering, funds transfer monitoring, and sanctions screening are in line with new requirements, especially in the payments sector.
What does this mean for me?
The changes may seem daunting if you’re operating and offering services in Singapore. You should review the various risk assessments and update enterprise-wide and customer risk assessments and AML/CFT policies to feed down through the enhanced due diligence, ongoing monitoring and assurance testing controls.
If you work for a firm that is being brought into the scope of Australia’s new act, you should contact AUSTRAC to review the relevant paper published for your industry. It contains examples of good practice under headings, including “What would this look like?” and should be taken into account when building out AML/CFT programs.
What does this mean for me?
With the growing regulatory landscape for AI, your team should stay informed on how to deploy AI systems securely and in compliance with evolving legal standards. Adopting international industry standards like ISO 42001, especially for firms with an international footprint, is advisable to align with stringent regulations like the EU AI Act. In North America and Asia-Pacific, applying a proactive approach aligned with EU standards may ensure better compliance.
Our survey found that 70 percent of respondents had a good understanding of AI regulations in financial crime compliance, while 30 percent had limited knowledge. Respondents were highly confident that AI regulations would mitigate risks related to explainability, bias, fraud, and governance, with confidence levels over 90 percent. In terms of AI deployment, 45-50 percent of firms use AI to prioritize transaction alerts, reduce remediation times, analyze historical data, forecast risks, and produce compliance reports.
Interestingly, 46 percent of respondents were very comfortable, and 45 percent were somewhat comfortable with compromising explainability for greater automation and efficiency. This highlights a need for a strong focus on explainability and auditability to comply with evolving regulations and avoid regulatory risks.
What does this mean for me?
The growth of RTPS presents challenges for financial institutions, particularly in fraud prevention and real-time transaction screening. Fraudsters often target fast payment systems, and there is an increasing need for compliance with sanctions lists and regulatory standards like ISO 20022. Ensuring that your firm has agile and compliant payment screening systems is crucial to managing these risks.
Our survey shows that 41 percents of respondents in Germany, France, and the Netherlands require significant upgrades to meet new regulations, while 49 percent already offer instant payments and need moderate enhancements.
What does this mean for me?�Regulated businesses have long hoped that BO registries would be a major help in the conduct of customer due diligence (CDD) and the fight against financial crime. However, current political and regulatory trends suggest that state-managed registries may not fully solve the issue of corporate opacity. Your firm is still obligated to identify the BO of clients under anti-money laundering (AML) and counter-financing of terrorism (CFT) legislation. As FATF suggests, this requires a “multi-pronged” approach that combines public information and commercial data to identify risks and discrepancies. Therefore, it is crucial for your firm to work with vendors offering reliable and comprehensive data to support CDD, monitoring, and screening processes.
What does this mean for me?
Your firm can benefit from participating in PPPs, as they provide valuable data and insights to help manage screening, monitoring, and due diligence. However, the pace of progress and participation is slow, often involving only larger financial institutions. Therefore, while engaging in PPPs is crucial, it should be complemented with strong in-house capabilities for gathering risk data and using agile platforms to mitigate financial crime risks.
According to our survey, the tightening of AML regulations will have the greatest impact on the fight against financial crime through stronger public-private cooperation and data-sharing protocols (47 percent). This is closely followed by guidance on transaction monitoring requirements and typologies (46 percent). Firms are looking for more support and guidance from financial intelligence units (FIUs), law enforcement, and regulators.�In contrast, tightening UBO legislation ranked lower (34 percent), signaling a preference for increased public-private collaboration. Firms are keen to leverage better data�and information to mitigate financial crime risks, highlighting the importance of close cooperation with public authorities.
Download the full report
Sextortion is another growing cybercrime trend, involving the coercion of victims into sending explicit material and then blackmailing them. In the UK, reported sextortion cases rose 19 percent in early 2024, with similar increases in the US and Australia. Much of this activity originates from West African cybercriminals, celebrated locally as ‘Yahoo Boys.’
Despite some law enforcement successes, cybercriminals have become more sophisticated. Chainalysis reported that 2024 could be the highest-grossing year for crypto ransoms, with July 2024 seeing a record $75 million ransom paid to the Dark Angels group. Centralized cryptocurrency exchanges are increasingly targeted, as seen in the $305 million hack of Japan’s DMM exchange in May 2024.
A particularly alarming trend is the increase in child sexual abuse material (CSAM) on the dark web. In 2024, the Internet Watch Foundation reported over 275,000 web pages containing CSAM, marking an 8 percent rise from the previous year. Payments for such material often use cryptocurrencies, especially privacy coins, to avoid detection. Some transactions also involve peer-to-peer payments in fiat currencies on the open web. A Guardian investigation in March 2024 revealed CSAM traded via a social media platform’s payment service.
Cybercrime in 2025 will fall into two main areas: the use of the surface and dark web for selling illicit goods, and cyber hacking to steal, extort, and ransom funds. Despite law enforcement's efforts to dismantle major dark web marketplaces like DarkMarket and Hydra Market, these platforms continue to thrive, offering illegal items such as ID documents and credit card details.
Cybercrime
Download the full report
As fraud continues to evolve in 2025, leveraging technology and psychological manipulation, businesses and individuals must stay vigilant against these increasingly sophisticated and hybrid fraud methods.
Investment scams: Fraudsters lure victims into investing in fraudulent ventures, including fake cryptocurrency schemes. High-profile cases in 2024 involved billions in losses, such as the collapse of FTX and scams�like HyperFund.
Business email compromise (BEC): Fraudsters spoof emails from senior business figures or suppliers, instructing employees to make payments to fraudulent accounts.
Romance fraud: Fraudsters exploit online dating to build relationships and request financial help. Generative AI is increasingly used to create realistic fake identities, making these scams more convincing.
Pig butchering (aka: romance baiting): A blend of romance and investment fraud, where victims are groomed through social media or dating sites before being persuaded to invest in fraudulent cryptocurrency schemes.
Financial fraud is a pervasive issue, involving organized crime rings, smaller groups, and individual fraudsters. The INTERPOL Global Financial Fraud Assessment (March 2024) highlights the increasing reliance on technology, making fraud a transnational threat.
Fraud and scams
Download the full report
Balance is crucial in assessing technology's criminal impact. Crypto's misuse is growing in fraud and money laundering, likely accelerating if regulations lag. GenAI, in an earlier stage, could increasingly aid fraud, but awareness might limit its effects for now. Firms must adopt strong AML/CFT measures and monitor technological developments to mitigate risks.
Terrorists also use crypto. Since 2020, Hamas has used it for funding, though its scale remains modest. Post-2023 attack claims about Hamas's crypto funding were contested by Chainalysis and Elliptic.
Money laundering with crypto is growing. Chainalysis's 2024 report indicated more traditional launderers adopting crypto. An OCCRP investigation found a $2.6 billion Brazilian drug laundering operation using crypto.
Crypto fraud is increasing. A 2024 scheme in Europe led to €113 million in losses, and the FBI reported $120 million in US crypto ATM scams in 2023. The US FTC noted $1.41 billion in crypto scam payments, following $1.86 billion in bank transfers.
Highlighting crypto as an emerging risk may seem unusual given its decade-long existence. Despite concerns, crypto hasn’t overtaken fiat currencies in crime; Chainalysis's 2024 report shows a 20 percent decline in illicit crypto use, with legitimate use growing faster. However, areas like ransomware and crypto-hacking show increased crypto usage. The Asian Racing Federation noted rising crypto use in illegal betting, and Chainalysis flagged its role in buying CSAM, often using privacy coins like Monero.
Emerging risks: Crypto & GenAI
Generative AI (GenAI) presents another rising risk. Criminals use it for fake IDs, fraud, and deepfakes. In 2024, scams included a $200 million deepfake in Hong Kong and fraudulent invoices. GenAI is also linked to non-consensual pornography and potential CSAM.
Download the full report
By 2024, the war in Ukraine continued with no clear end in sight. Russia made incremental territorial gains in the south and Donbas, but Ukrainian forces inflicted significant casualties on the Russian army. Despite some setbacks, Russia maintained support from non-Western nations, including Iran and North Korea. The US and European aid to Ukraine, however, faced delays and hurdles, weakening Ukraine’s military and morale.
Under President Putin, Russia has become a major global threat, backed by significant military power, economic resources, and a growing nuclear arsenal. Initially, his regime avoided direct confrontation with the West, but relations began deteriorating with Russia’s annexation of Crimea in 2014 and support for separatists in Ukraine. This tension deepened with the 2018 Skripal poisoning, culminating in Russia’s full-scale invasion of Ukraine in February 2022. This invasion marked�a dramatic shift in Western relations with Russia, leading to military aid for Ukraine, sanctions, and a historic rift.
Russia & Ukraine
Download the full report
The US also sanctioned individuals involved in Iranian assassinations, repression, and cyberattacks. Despite sanctions, Iran maintained its oil trade and evaded enforcement through new front companies. Sanctions helped prevent Iran from developing nuclear weapons – at least for now – though the regime’s intentions remain unclear.
The US continued targeting Iran’s oil trade, imposing sanctions on entities tied to the Ministry of Defense and Armed Forces Logistics. Efforts to curb Iran's missile and drone programs, and its support for Russia, were bolstered by measures from the EU, UK, and other allies.
The year began with Israeli military actions in Gaza following Hamas’s October 2023 attacks. While Israel weakened Hamas’s military capabilities and killed its leader, around 100 hostages remained unaccounted for, and ceasefire talks failed. Prime Minister Netanyahu faced criticism over his handling of the crisis. Israel also clashed with Hezbollah and Iranian-backed militias, escalating tensions with Iran, resulting in missile exchanges and airstrikes.
The Middle East
Iran’s shadow economy, fueled by illicit oil sales to China, supports its proxies, including Hamas, Hezbollah, and the Houthis. Iran uses front companies and tankers to obscure the oil’s origin, converting profits into US dollars and euros. Israel targeted the financial infrastructure of its adversaries with airstrikes and sanctions. The US, UK, and allies coordinated sanctions against Hamas, Hezbollah, and Iranian-backed groups' financial networks.
Download the full report
In response, the US, EU, and other Western powers imposed additional sanctions on North Korean entities. However, the existing sanctions regime has had limited effect, and North Korea remains focused on military expansion. Looking ahead to 2025, it is likely that North Korea will continue its confrontational stance, with more missile and nuclear tests, ongoing support for Russia, and hostility towards its neighbors.
Despite facing severe sanctions, North Korea continues to prioritize military development. Its economy remains crippled by isolation, with resources directed at weapons of mass destruction (WMD) and missile programs. The regime also engages in illicit financial activities, such as cybercrime, arms trafficking, and money laundering. In 2024, reports indicated that North Korea laundered millions of dollars in cryptocurrency, supporting its military initiatives.
North Korea’s ties with Russia deepened in 2024, with North Korea supplying arms to Russia in exchange for oil. This arms-for-oil trade became a key aspect of their cooperation. In March, Russia vetoed a resolution extending the UN sanctions panel monitoring North Korea, and in June, President Putin visited Pyongyang.�In November, both countries formalized a military agreement to support each other in case of attack.
North Korea remained a major source of geopolitical tension in 2024. A legacy of the Cold War, North Korea continues to threaten South Korea, Japan, and the United States. Tensions escalated in 2024 as North Korea distanced itself from potential reconciliation with the South, adopting a more aggressive posture. Kim Jong-Un’s rhetoric became increasingly hostile, with threats to destroy South Korea with nuclear weapons if provoked. Though no direct military action occurred, North Korea resumed missile tests, including a successful intercontinental ballistic missile (ICBM) launch in October and a failed satellite launch in May.
North Korea
Download the full report
The United States has focused its approach on economic and financial measures. Under Presidents Trump and Biden, the US has implemented export controls on military and dual-use technology and efforts like the CHIPS Act to reduce reliance on Chinese tech. Other measures include restrictions on Chinese involvement in US critical infrastructure, such as 5G networks, and targeted sanctions on Chinese officials and entities tied to repression or support for rogue states like Russia and North Korea. In response, China has criticized Western actions but has avoided extreme countermeasures, using a more restrained approach.
Despite these challenges, China also offers opportunities for the West. Unlike Russia, China’s global economic weight and strategic positioning make it difficult to isolate. The West, particularly in Europe and Southeast Asia, is economically intertwined with China. China’s diplomacy is more subtle than Russia’s, managing to navigate international relations with a balance of assertiveness and diplomacy, making it harder for Western governments to confront it directly.
On the international stage, China is increasingly revisionist, with territorial ambitions, particularly regarding Taiwan and the South and East China Seas. Its 'One China' policy seeks to assert control over Taiwan, while the 'Nine Dash Line' aims to redraw maritime boundaries. Additionally, China has invested heavily in global influence through initiatives like the Belt and Road Initiative (BRI) and cultivated closer ties with countries such as Russia and Iran. Moreover, China's Cross-Border Interbank Payment System (CIPS) could serve as an alternative to SWIFT, potentially bypassing sanctions like those imposed on Russia.
China, under President Xi Jinping, is one of the most significant geopolitical challenges for the West. It has emerged as a major global power with a booming economy – reaching nearly $18 trillion in GDP in 2023. As an authoritarian state governed by a communist elite, China rejects Western democratic values and the international rules-based order. Domestically, China has repressed minorities like the Uyghurs, curtailed Hong Kong’s autonomy, and targeted critics both inside�and outside its borders.
China
Download the full report
Donald Trump's re-election has brought uncertainty to AML/CFT and anti-corruption efforts. The 2024 National Money Laundering Risk Assessment highlights the U.S.'s vulnerability to money laundering due to its large economy. Key threats include fraud, drug trafficking, cybercrime, money mule networks, Chinese laundering operations, sanctions evasion, corruption, human trafficking, and tax crimes. Vulnerabilities include cash, prepaid cards, peer-to-peer payments, VASPs, luxury goods, casinos, and online gaming.
United States
As of January 2025, the Corporate Transparency Act (CTA) is in limbo after�a December 2024 federal court injunction suspended enforcement due to constitutional concerns. FinCEN had outlined reporting requirements for beneficial ownership, defining substantial control and ownership interest criteria, initially set for January 1, 2025. Despite the pause, companies should use this time to evaluate and bolster their compliance programs, as the CTA suspension may be temporary.
North America
Download the full report
France
The European Council is also advancing instant payments through SEPA Instant Credit Transfer (ICT), which requires compliance with updated regulations, fraud prevention, and payee verification. Regulation (EU) 2024/886, effective March 2024, sets rules for cross-border euro IPs and mandates sanction screening and fraud risk management.
European Union
Europe
France has created an interministerial committee to improve coordination in the fight against money laundering and terrorist financing. The committee will propose strategic priorities and ensure national measures align with EU and international standards. The country is refining its requirements for politically exposed persons (PEPs), focusing on risks posed by domestic and foreign PEPs. While no major reforms are anticipated, administrative improvements continue.
Download the full report
Australia's AML/CFT reforms, approved in late 2024, expand requirements to professional service providers like real estate agents and digital currency exchange providers. These reforms include better risk mitigation, stricter due diligence for gambling service providers, and updates to the tipping-off offense. The National Risk Assessments highlight illicit drug and tax crimes as the main money laundering threats. AUSTRAC has also issued guidance for various sectors, including casinos and the bullion industry, to identify suspicious activities. Financial institutions must implement these guidelines in training and transaction monitoring systems.
Australia
In 2024, Singapore made significant strides in combating money laundering, seizing over S$3 billion in assets from organized crime. The Monetary Authority of Singapore (MAS) has also updated its risk assessments and controls, introducing measures for counter-proliferation financing (CPF), money laundering, and terrorism financing. Key sectors like banking, real estate, and digital payment service providers must integrate enhanced due diligence, ongoing monitoring,�and compensation frameworks for fraud. The Anti-Money Laundering and Other Matters Act, passed in August 2024, tightens regulations on casinos and introduces new frameworks for fraud and environmental crime-related money laundering.
China will continue to enhance its anti-corruption efforts in 2025, particularly in the investment banking sector, with strict travel restrictions and oversight on IPOs. The revised Anti-Money Laundering Law, effective January 1, 2025, introduces an all-crimes regime, broadening the scope to include proceeds from all criminal activities, including terrorism financing. It expands AML measures to non-financial institutions like real estate developers and law firms, mandates KYC compliance, and introduces a beneficial ownership registry. The law also extends extraterritorial jurisdiction and requires enhanced due diligence, customer monitoring, and third-party service provider risk assessments.
China
Asia-Pacific
Singapore
Download the full report
Governments share concerns about effectiveness, safety, data security,�and transparency in AI systems. As AI becomes more embedded in financial crime compliance, regulators emphasize explainability and auditability, avoiding "black-box" AI systems. Financial regulators, including the FATF, support AI in AML/CFT but caution against reliance on unexplainable AI.
Asia-Pacific has a diverse regulatory landscape. China is a leader in AI regulation, with laws addressing algorithms and generative AI. Countries like Thailand and Vietnam are moving towards comprehensive regulations, while others like South Korea and New Zealand favor a more flexible approach. Singapore and Malaysia have introduced voluntary AI frameworks, while Hong Kong and Australia are also developing regulations.
In North America, AI regulation is fragmented, with the US lacking a unified approach. States like Colorado are proposing measures to prevent algorithmic discrimination. Canada introduced the Artificial Intelligence and Data Act (AIDA) in 2022, focusing on risk-based governance. Europe’s AI Act introduces a centralized, risk-based regulatory model, with high-risk applications facing stricter requirements. The UK’s government is working on AI regulation, with proposals expected in 2025.
The global AI market is expected to reach $1,339 billion by 2030, with applications in process automation, predictive maintenance, and customer experience personalization, significantly impacting financial institutions and compliance. AI’s capabilities improve financial crime compliance, such as AML and fraud detection, by reducing false positives and enhancing anomaly detection. However, risks exist, including biased decisions and vulnerability to malicious exploitation. Policymakers, including the G7, OECD, and UN, have begun addressing these concerns, with initiatives like�the Hiroshima Process to guide safe AI use.
Artificial intelligence
Download the full report
Key drivers behind RTPS include technological advancements, particularly API standards and distributed cloud computing. ISO 20022, introduced in 2004, has streamlined payment messaging and supported faster payments. By 2025, SWIFT predicts 80% of high-value payments will be executed using this standard.
Real-time payment schemes (RTPS), also known as Fast Payments Schemes (FPS), have significantly advanced the financial sector, enabling greater financial inclusion, especially for small businesses and retail customers. RTPS allow near-immediate account-to-account transfers, enhancing transaction speed and efficiency. As of October 2024, about 120 jurisdictions have live systems, with more expected to follow. The global RTPS market is growing rapidly, particularly in the Asia-Pacific region, with an annual growth rate of 35.5% projected between 2023 and 2030.
Real-time payments
RTPS typically begin with person-to-person (P2P) payments and expand to person-to-business (P2B) payments. Their adoption has surged in recent years, with countries like South Africa and the US upgrading their systems to improve market impact. Similarly, in Canada and the UK, there are ongoing upgrades to existing fast payment infrastructure.
Download the full report
In the EU, the implementation of BO transparency has been inconsistent, and a 2022 court ruling limited public access. A new AMLD will restrict public access to those with a "legitimate interest." In the Asia-Pacific region, progress is slower, with limited public access in countries like Singapore and Malaysia. Australia and New Zealand have delayed or suspended plans for public BO registers.
The UK has been a leader in transparency, with a public registry of Persons of Significant Control (PSC) since 2016. The Economic Crime and Corporate Transparency Act 2023 aims to further strengthen transparency, but challenges remain regarding data completeness and enforcement.
However, the reality on the ground varies. In North America, Canada and the US have advanced at different paces. Canada has required internal BO registers�since 2019, with public access expected by 2025. In contrast, the US introduced the Corporate Transparency Act (CTA) in 2021, which mandates reporting of BO information to FinCEN, but public access will be restricted and controlled.�Legal challenges could delay full implementation.
Transparency regarding the beneficial ownership (BO) and ultimate beneficial ownership (UBO) of companies has been a significant political issue in the past decade, highlighted by the Panama Papers and other revelations exposing the use of shell companies for illicit activities. In response, global organizations like the G7, G20, and FATF have worked towards increasing BO transparency. FATF strengthened standards in 2022, requiring member states to establish public BO registers�and adopt a comprehensive approach to collecting BO information. By 2024,�90 countries had active BO registers, with many more planning or implementing them.
Beneficial ownership
Download the full report
While PPPs are established and here to stay, their growth may slow in 2025. Existing partnerships are likely to expand to other AML/CFT sectors and address�a wider range of crimes. However, challenges related to data security and privacy may slow progress on operational and tactical partnerships, as seen with TMNL.
In Canada, Bill C-69 allows private-to-private information sharing to detect money laundering and terrorist financing. Hong Kong also has a strong record of PPPs, with the Fraud and Money Laundering Intelligence Taskforce and a 24/7 stop-payment mechanism. A consultation on private-to-private sharing is set for legislative changes in 2025. However, the Netherlands’ Transaction Monitoring Netherlands (TNML) project faced setbacks due to new EU regulations, which could delay its restart until 2027.
One of the first PPPs, the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT), created in 2015, is expanding its model under the Second Economic Crime Plan. In July 2024, the National Crime Agency (NCA) worked with UK banks to pilot a scheme for sharing account data indicative of criminal activity. Similarly, Singapore launched the COSMIC platform in April 2024, enabling six banks to share customer information related to financial crimes like shell companies and trade-based money laundering.
Since 2015, public-private partnerships (PPPs) have grown globally, aiming to improve information sharing on financial and economic crimes. These partnerships range from tackling specific risks like terrorist financing to broader initiatives addressing financial and predicate crimes. Many focus on sharing thematic risks and typologies, while some go further by sharing operational intelligence for specific law enforcement actions. FATF has supported these efforts. However, 2024 saw�a shift from geographic expansion to evolving existing frameworks.
Public-private partnerships
Go to next question
Go to next question
Go to next question
Go to results
REGULATORY REGIONAL FOCUS
GEOPOLITICAL HOTSPOTS
Compliance trends
The sanctions against Russia, which intensified post-invasion, targeted political, military, and economic figures, freezing assets and removing Russian banks from the SWIFT system. They also included bans on weaponry, dual-use items, and key Russian commodities, with notable measures like the G7’s oil price cap introduced in December 2022.
Regulation (EU) 2024/1620: Establishes the Anti-Money Laundering Authority (AMLA), which will oversee high-risk financial institutions, coordinate with national authorities, and assist Financial Intelligence Units (FIUs).
Directive (EU) 2024/1640: Requires countries to set up central beneficial ownership registers and grant FIUs access to banking and real estate data.
Regulation (EU) 2024/1624: Expands AML obligations to the private sector, including crypto-asset providers and high-value goods dealers, with enhanced due diligence, new thresholds, and access to beneficial ownership information for legitimate parties.
The EU will implement the AML package in 2025 to disrupt criminal money laundering and misuse of corporate structures. It includes three key legislative pieces:
FinCEN is also expanding Bank Secrecy Act (BSA) regulations to include residential real estate and investment advisers, requiring AML/CFT programs and suspicious activity reports. These measures address risks from foreign corruption, fraud,
and sanctions evasion, with compliance deadlines in late 2025 and early 2026.
Ensure resources are in place to assess and implement changes to the UK’s evolving AML/CFT framework. Incorporate proliferation financing into your risk assessments, monitor for APP fraud, and conduct a gap analysis against the FCA’s updated financial crime guide. Stay engaged with the FCA to address challenges and opportunities as technology adoption continues and further regulations take effect.
Germany’s Financial Crime Prevention Act, effective January 2024, establishes�the Federal Office to Combat Financial Crime (BBF). However, a super authority’s creation remains uncertain. BaFin has issued new guidance for the German Anti-Money Laundering Act, including updates for crypto-asset providers and enforcement of sanctions.
Germany
Canada’s AML/CFT strategy for 2023-2026 focuses on enhancing its financial crime framework. With CAD$113 billion laundered annually, priorities include better coordination, addressing regulatory gaps, and improving oversight of virtual currencies, mortgage lenders, and crowdfunding platforms. The 2024 budget proposes amendments to the Proceeds of Crime Act to enhance information sharing and extend obligations to more financial entities, including cheque-cashing businesses and title insurers. The Canada Financial Crimes Agency (CFCA) is being developed to lead enforcement, aiming to increase prosecutions and asset seizures. Additional measures focus on combating trade-based fraud and improving investigative processes against tax evasion and financial crimes.
Canada
The rise in costs is fueled by evolving financial crimes as criminals leverage new technologies and geopolitical instability, necessitating more sophisticated compliance strategies.
Compliance costs have surged in this challenging environment. PwC’s EMEA AML Survey 2024 found that 51 percent of firms saw compliance costs rise over 10 percent in 2022 and 2023, with AML expenses up 14 percent on average. Major cost drivers include staffing and technology investments, with 55 percent of firms planning further budget increases.
On the positive side, RegTech advancements have led to greater adoption of AI-driven, cloud-based solutions, enhancing compliance capabilities. Our 2025 survey highlights an increased use of AI for alert prioritization, reducing remediation times, and generating reports through generative AI (GenAI).
Despite these advancements, challenges remain. Technological compatibility (53 percent) and information security (InfoSec) policies (48 percent) are the top barriers to implementing new technologies, followed by cost concerns (43 percent). InfoSec is particularly critical, with 63 percent of respondents prioritizing it over other internal stakeholders, including the C-suite, legal, and financial teams.
Technological compatibility
Information security policy
Cost/budget
53%
48%
43%
71%
0%
26%
4%
Does your organization include a detailed analysis of its exposure to organized crime activities in its organization-wide risk assessment?
Yes, we do this currently
No, we don't do this currently but plan to within the next 12 months
No, we don't do this currently but plan to in over 12 months time
No, we do not do this currently and have no plans to do so
To what extent do you understand how the legislators and regulators in your primary jurisdiction plan to regulate AI technologies relating to financial�crime compliance?
70%
30%
Limited understanding
Good understanding
10%
49%
41%
On track with significant overhaul required
On track with moderate enhancements needed
On track with minimal adjustments
We did not previously offer instant payments and/ or needed to make substantial investments in new technology and/ or increased headcount
We previously offered instant payments and/ or needed additional technology and/or increased headcount to comply with the new requirements
We are on track to meet the deadline with minimal increases/ changes in technology or headcount
64%
SaaS platform (single or modular)
Imagine you are starting your compliance and financial crime risk management tech stack from the beginning again. Which of the following set-ups would
you prefer?
Impostor scams: Fraudsters pose as trusted figures, such as bank officials or relatives, to deceive victims into transferring funds or personal data.�In 2023, the US Federal Trade Commission reported $2.7 billion in losses from these scams.
Authorized push payment (APP) fraud: Victims are tricked into authorizing payments to fraudsters. Common variants include:
Purchase scams: Fake businesses solicit payments for non-existent products or services.
Malicious redirection: Fraudsters posing as officials convince victims to transfer money to fraudulent accounts or convert it into cryptocurrency or gift cards.
The most prevalent types of contemporary fraud include:
Beyond illicit markets, cybercrime encompasses a range of hacking activities.�In 2024, INTERPOL’s Operation Synergia identified over 1,300 suspicious IP addresses linked to phishing, malware, and ransomware. Europol also led�an international effort to dismantle LockBit, a ransomware-as-a-service tool.
Cybercrime remains pervasive despite increased awareness and enforcement efforts. The dark web’s persistence and ongoing cybersecurity vulnerabilities ensure that cybercriminals will continue exploiting these avenues, making it�a persistent global threat.
With the war persisting, the US is expected to pressure Ukraine into negotiations, though a compromise may be difficult. Russia may also be open to talks, but its conditions, including the denial of Ukraine’s NATO aspirations, make a lasting peace unlikely. The use of nuclear weapons remains a threat, with hybrid warfare and subversive tactics becoming more prominent.
In 2024, the US and UK intensified sanctions against Hezbollah, targeting facilitators and front businesses. The US also cracked down on Houthi operations linked to Iran’s illicit oil trade. Additional designations targeted Iraqi militias and other proxy groups. In June, the US sanctioned Al-Huda Bank for facilitating terrorist financing.
Reports in September revealed that North Korea had sent over 16,500 containers of munitions to Russia, and North Korean troops were deployed to assist in the war, marking a significant development in their alliance.
Courier fraud: Often targeting seniors, fraudsters pose as bank or police officials, convincing victims to hand over valuables for ‘safekeeping.’ In 2023, UK pensioners lost £28.7 million, with individual losses reaching as high as £5.3 million.
Which area of AML regulations require tightening in your country in order to have the greatest impact on financial crime?
Organized crime will continue to evolve in 2025, exploiting vulnerabilities in legitimate markets like the gold and avocado industries due to rising global demand. Our survey suggests that businesses are extremely aware of the risks of exposure to organized crime, with 71 percent of organizations saying they already undertake a detailed analysis of exposure to organized crime in their financial crime risk assessments and a further 26 percent saying they plan to undertake one in the next 12 months.
The Economic Crime and Corporate Transparency Act (2023) has been passed, with certain provisions already in effect. As of January 2025, these include enhanced powers for Companies House and the introduction of an APP fraud reimbursement regime. However, full implementation is ongoing, and additional reforms, such as strengthening fraud controls and adapting AML/CFT programs, will be phased in over time. Firms should expect more detailed requirements in�the near future as these reforms are fully enforced.
United Kingdom
In Europe, real-time payments are becoming mandatory. Starting in 2025, all payment service providers (PSPs) in the Eurozone will be required to process instant payments, setting a precedent for other regions. The SEPA Instant Credit Transfer system, in place since 2017, will expand, ensuring that credit transfers are completed in less than 10 seconds.
Cross-border payments are also evolving with the rise of digital currencies and central bank digital currencies (CBDCs). CBDCs are seen as a way to streamline international payments, and many countries are exploring their use, although practical deployment is still limited. For example, the digital euro may launch by 2026, and the US Federal Reserve is still deliberating on a digital US dollar. Meanwhile, QR codes and APIs are enhancing cross-border retail payments, particularly in Asia-Pacific.
On-premise platform
18%
Investment scams: Fraudsters lure victims into investing in fraudulent ventures, including fake cryptocurrency schemes. High-profile cases in 2024 involved billions in losses, such as the collapse of FTX and scams�like HyperFund.
Business email compromise (BEC): Fraudsters spoof emails from senior business figures or suppliers, instructing employees to make payments to fraudulent accounts.
Romance fraud: Fraudsters exploit online dating to build relationships and request financial help. Generative AI is increasingly used to create realistic fake identities, making these scams more convincing.
Pig butchering (aka: romance baiting): A blend of romance and investment fraud, where victims are groomed through social media or dating sites before being persuaded to invest in fraudulent cryptocurrency schemes.
Environmental crime: The illegal trade in wildlife and resources, such as gold and avocados, has surged. In South America, OCGs have expanded into illegal mining, causing severe environmental degradation and exploiting local populations.
Weapons trafficking: The black market for arms is thriving, particularly in conflict zones. The ongoing conflict in Ukraine has escalated the illegal trade in advanced weaponry, creating security risks worldwide.
Despite these challenges, China also offers opportunities for the West. Unlike Russia, China’s global economic weight and strategic positioning make it difficult to isolate. The West, particularly in Europe and Southeast Asia, is economically intertwined with China. China’s diplomacy is more subtle than Russia’s, managing to navigate international relations with a balance of assertiveness and diplomacy, making it harder for Western governments to confront it directly.
In the EU, the implementation of BO transparency has been inconsistent, and a 2022 court ruling limited public access.�A new AMLD will restrict public access to those with a "legitimate interest." In the Asia-Pacific region, progress is slower,�with limited public access in countries like Singapore and Malaysia. Australia and New Zealand have delayed or suspended plans for public BO registers.
close
47%
38%
46%
41%
40%