EBA Opinion on Money Laundering and Terrorist Financing Risks Affecting the EU Financial Sector
- James Ross
- Jul 29
- 3 min read
The European Banking Authority (EBA) published its fifth Opinion on money laundering (ML) and terrorist financing (TF) risks affecting the EU's financial sector (EBA/Op/2025/10) on July 28, 2025. This biennial report, based on data from January 2022 to December 2024, highlights a dynamic and increasingly complex ML/TF risk landscape, driven by rapid technological advancements and evolving criminal behaviours.
Key Findings and Implications
The EBA's Opinion identifies several critical areas of concern and positive developments within the EU financial sector's fight against ML/TF:
FinTech and RegTech Risks
The rapid growth of FinTech firms, while innovative, has outpaced robust Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) controls. 70% of competent authorities (CAs) report high or increasing ML/TF risks in this sector, citing vulnerabilities such as exposure to cybercrimes, inadequate customer due diligence (CDD), and insufficient governance structures. Similarly, while RegTech solutions offer potential for better compliance, their poor implementation, lack of in-house expertise, and over-reliance on a few providers have led to serious compliance failures.
Implication: Regulators and supervisors need to prioritise ensuring that equally robust AML/CFT frameworks match innovation in financial services. This requires proactive supervision, clear guidance on implementing FinTech and RegTech solutions responsibly, and potentially mandating minimum standards for governance and expertise within these firms. Traditional financial institutions acquiring FinTechs must also integrate these new risks into their existing frameworks.
Crypto-Asset Risks Remain High
The abuse of crypto asset services for financial crime continues to be a primary concern, compounded by a significant increase in transaction volumes and authorised Crypto Asset Service Providers (CASPs) in the EU. Many CASPs lack effective AML/CFT systems, and some entities attempt to bypass licensing/registration processes.
Implication: The practical and consistent application of the new EU crypto framework (MiCA and FTR), which came into force at the end of 2024, is crucial. Enhanced supervisory coordination and rigorous enforcement are necessary to ensure CASPs implement robust AML/CFT controls, particularly regarding customer and beneficial owner identification, transaction monitoring, and the "Travel Rule."
Escalating Fraud and Cybercrime
Automation and Artificial Intelligence (AI) are fueling increasingly sophisticated fraud and cybercrime schemes. Criminals are leveraging AI to automate financial schemes, conceal fund sources, generate fake documents, and use deep-fake technologies to evade CDD measures, posing significant detection challenges for financial institutions.
Implication: Financial institutions must invest in advanced technologies and specialised expertise to combat AI-driven attacks. This necessitates responsible AI deployment, robust governance, staff training, and real-time monitoring capabilities. Supervisors also have a vital role in identifying and promoting good practices in detecting and mitigating these evolving threats.
Restrictive Measures (Sanctions) Compliance Challenges
The growing number and complexity of EU sanctions packages pose significant compliance challenges, as standard screening tools are often insufficient for sectoral sanctions. Despite increased supervisory actions, many institutions still lack adequate policies and procedures.
Implication: The EBA's new guidelines on governance and controls for restrictive measures, applicable from the end of 2025, are critical. Financial institutions must urgently review and enhance their sanctions screening systems, internal policies, and procedures to ensure comprehensive compliance. Supervisors, including AMLA, will need to monitor adherence to these new common EU standards rigorously. Challenges related to instant payments and fragmented card payment infrastructure also require attention to prevent inadvertent breaches.
Positive Developments
The Opinion notes positive trends in certain areas. Risks related to tax crimes and unwarranted de-risking appear to be decreasing due to legislative changes, enhanced compliance efforts, and increased supervisory engagement. Residual risk levels have improved in credit institutions, investment funds, and life insurance sectors, suggesting more effective AML/CFT systems and controls.
Implication: These positive trends demonstrate the effectiveness of concerted action by regulators, supervisors, and institutions. Sustaining this progress requires continued vigilance and the consistent application of risk-based approaches across all sectors. The EBA's assessment of possible next steps regarding access to basic financial products and services will be critical.
Customer Due Diligence (CDD) Shortcomings
Despite improvements in some areas, the report highlights that 6CDD shortcomings still cause 61% of AML/CFT breaches across all sectors. For the first time, risks associated with products and services are overtaking risks related to firms' customers. However, CDD remains a significant weak point.
Implication: While new product-related risks are emerging, fundamental CDD practices remain a critical vulnerability. Financial institutions must reinforce their CDD processes, ensuring they are robust, effectively applied, and tailored to customer risk profiles. Supervisors should continue to scrutinise CDD frameworks during inspections.
Conclusion
The EBA's Opinion underscores that while awareness of ML/TF risks is growing, the effectiveness of AML/CFT systems remains uneven across the EU financial sector. The rapid pace of technological innovation demands continuous adaptation from both financial institutions and supervisory authorities. The full implementation of new regulatory frameworks, coupled with a consistent and risk-based application of supervisory approaches, will be essential in strengthening the EU's financial sector against money laundering and terrorist financing.
Comments