Anti-money laundering and counter-terrorist financing (AML/CTF) regimes across countries are continuously adapting to new threats and risks.

Regulators continue to expand the regulatory perimeter to include additional firms that are exposed to AML/CTF risk.

Existing AML/CTF regimes no longer guarantee the integrity of strongly interconnected financial systems. The increased activity of non-banks in financial markets calls for appropriate controls and integration of these institutions into the AML/CTF ecosystem. As such, regulatory perimeters continue to extend.

-            In the third quarter of 2024, US regulators issued several rules increasing AML/ CTF obligations not only for banks but also the real estate sector and certain investment advisors:

o   US agencies proposed to align their requirements for bank’s AML programs with changes recently proposed by FinCEN. This means banks would be required to consider national AML/CTF priorities in their risk assessments and add customer due diligence requirements, including beneficial ownership information collection requirements to their AML programs.

o   The FinCEN issued a final rule under the Bank Secrecy Act requiring certain persons involved in real estate closings and settlements to report and maintain recordkeeping on certain non-financed transfers of residential real estate property, effective 1 December 2025.

o   Certain investment advisers will be included in the definition of “financial institution” and required to adopt AML/CTF programs by 1 January 2026. They will need to file suspicious activity reports and comply with AML/CTF reporting and recordkeeping obligations.

-            In September 2024, the Australian Government introduced the AML/CTF Act 2024 to Parliament. If passed, it would i) extend the country’s AML/CTF regime to certain higher-risk services provided by real estate professionals, dealers in precious metals and stones. lawyers, accountants, trust and company service providers (so-called tranche-two entities), ii) modernize the regime to reflect changing business structures, technologies and illicit financing methodologies and iii) extend the AML/CTF regime to additional services provided by virtual asset service providers. The amendments aim to close regulatory gaps and bring Australian law in line with the international standards set by the Financial Action Task Force (FATF). For instance, in May 2024, Australia was one of only five jurisdictions out of more than 200 that did not regulate tranche-two entities. This was placing Australia at risk of being “grey-listed” (i.e., identifies countries with strategic deficiencies in their AML/CFT system and can limit inward foreign investment or lead to difficulties for a state obtaining credit) by the FATF.

-            In Canada, regulators introduced AML/CTF regulatory requirements for acquirers that link white-label automated teller machines (ATMs) with payment systems and created an obligation for real estate representatives to identify unrepresented parties and any third-parties in real estate transactions.

Regulators continue to require firms to identify and manage AML/CTF risks and are considering new risk areas such as crypto or environmental crimes. 

-            The regulatory focus is on AML/CTF risk identification and management. For instance, in Australia suspicious activity indicators were issued for several sectors (e.g., banks, life insurance, securities) to help firms identify potential AML/CTF risks. In India, banks and other regulated entities will be mandated to conduct a thorough AML/CTF risk assessment, periodically. The guidance details risk factors and risk mitigation plans firms should consider.

-            Regulators target additional services and assets that introduce AML/CTF risks. Hong Kong regulators, have issued a circular to money service operators on AML/CTF risks associated with third-party payments and call for stringent due diligence, ongoing monitoring, and robust staff training, while UK regulators warn that crypto and digital currencies pose money laundering risks due to their anonymity and the potential use for ransomware payments. Firms should consider red flags (e.g., unusual transaction patterns, large volumes of transactions involving high-risk jurisdictions, or attempts to obfuscate the source of funds) for crypto money laundering.

-            Regulators aim to ensure, that firms outsourcing AML/CTF functions remain legally liable for any breach of their AML/CTF obligations by third-parties. An Australian guidance recommends firms to conduct due diligence on third-parties, understand legal restrictions on sharing information with them, and negotiate clear contractual arrangements for outsourcing, among others.

-            Regulators incorporate environmental crimes into their AML/CTF regimes. In Singapore, the AML Bill was passed in Parliament in August 2024, including provisions to investigate money laundering linked to foreign environmental crimes like illegal mining and waste trafficking, previously not recognized as serious offences under Singapore law.

In light of ever-evolving AML/CTF regimes and risks firms must be at the forefront of innovation

While regulators keep enhancing their AML/CTF regimes it is becoming more and more challenging to keep up with the ever-changing regulatory landscape, especially for internationally active firms. Moreover, the evolving risk landscape in the AML/CTF space is forcing firms to continuously identify, assess and mitigate new and emerging risks.

Using innovative technologies, such as artificial intelligence, data analytics and cloud computing to generate better data quality and more actionable intelligence can help manage the increased regulatory burden and complexity of evolving AML/CTF regimes.

Find out how EY enables clients to fight financial crime with technology and learn more about EY’s  services in AML monitoring and investigations.

The views reflected in this article are views of the author and do not necessarily reflect the views of the global EY organization or its member firms.