The European Banking Authority (EBA) recently published its fifth biennial Opinion and Report on money laundering (ML) and terrorist financing (TF) risks affecting the EU’s financial sector. While these reports are typically regulatory in nature, the 2025 edition reads like a warning bell for the fintech industry — especially for firms that are growing fast but neglecting the governance and risk controls needed to stay compliant.
This article explores the EBA’s findings, why they matter for fintech, and how our industry can evolve to meet the challenge — not just to avoid fines, but to build sustainable, trustworthy financial ecosystems.
📘 The Report in Context
The EBA’s Opinion, required under Article 6(5) of Directive (EU) 2015/849, is based on data from January 2022 to December 2024, including:
- Input from 52 national supervisory authorities
- Data from the EuReCA AML/CFT database
- Findings from inspections, peer reviews, and supervisory colleges
The report reflects an AML landscape shaped by technological innovation, shifting criminal behaviours, and regulatory reforms — a perfect storm of change that makes traditional compliance models inadequate.
🚧 Key Findings: A System Under Pressure
1. FinTech’s Compliance Gap Is Widening
Fintech continues to drive innovation, but growth has outpaced compliance capabilities in many firms:
- 70% of regulators report high or increasing ML/TF risks in fintech.
- Fintech providers are often too focused on customer acquisition and not enough on robust risk controls.
- Common issues include:
🚩 Why it matters for fintech: This is not just about ticking boxes. If you’re onboarding customers at scale using automated tools without robust alert management and human intervention, you’re a target — for both regulators and criminals.
2. RegTech Isn’t a Silver Bullet — Yet
RegTech has become a go-to solution for many fintechs, offering automation in onboarding, transaction monitoring, and screening. But the EBA warns of unthinking implementation:
- Over 277 material weaknesses in RegTech use were reported to regulators in 2023–2024.
- Risks include:
🚩 Why it matters for fintech: Using RegTech without knowing how it works is like driving a car without brakes. Regulators expect firms to show why a system flags something, how it’s calibrated, and what governance is in place.
3. Crypto Still Carries High Risk
Between 2022 and 2024, the number of Crypto Asset Service Providers (CASPs) more than doubled in the EU. The EBA identifies significant gaps:
- CASPs often lack CDD procedures and struggle to identify beneficial owners.
- Governance and senior management integrity are frequently weak.
- There’s growing crossover between CASPs and traditional sectors (e.g. e-money, payment institutions).
- “Rug pulls,” unregulated token sales, and crypto-fiat mixing are on the rise.
🚩 Why it matters for fintech: If you offer crypto-related services — even indirectly — you’re part of this web. Regulators will expect clear controls, oversight of group entities, and transparency on how crypto interacts with fiat.
4. AI and Fraud: The Dark Side of Innovation
AI is revolutionising finance — and crime:
- Criminals are using AI to generate fake documents, simulate identities, and execute deepfake-based onboarding.
- Payment fraud is now the second-highest operational risk across the EU, driven by automation and social engineering.
- Institutions often lack the expertise to deploy AI responsibly or detect AI-powered scams.
🚩 Why it matters for fintech: AI is a double-edged sword. Without robust controls and explainability, your fraud controls can be bypassed by tools more sophisticated than your systems.
5. Sanctions Regimes Are More Complex Than Ever
The EBA warns of a growing risk of breaches due to:
- Complex and frequently updated sanctions lists
- Limitations in screening instant SEPA transactions
- Fragmented data in card and aggregator payment schemes
- Poor record-keeping, outdated screening thresholds, and lack of governance
🚩 Why it matters for fintech: Sanctions violations can lead to severe fines and reputational damage. As the EBA rolls out its new guidelines by December 2025, firms must prepare now — with better technology, escalation processes, and auditability.
6. White Labelling and vIBANs Create Transparency Risks
Fintechs offering services through white-labelled partners or virtual IBANs are creating opacity:
- White labelling can obscure who is actually conducting AML checks.
- vIBANs can mask the true account holder, enabling layering and obfuscation.
- Regulators lack full visibility, and so do some providers.
🚩 Why it matters for fintech: The future of AML regulation will require traceability and attribution. If your customer journey includes third parties, bundled services, or foreign accounts, expect heightened scrutiny.
✅ What’s Working: Improvements Worth Noting
- ML/TF risks related to tax crimes are decreasing, thanks to legislative reforms and joint actions between regulators and tax authorities.
- Unwarranted de-risking (i.e. denying services to entire customer segments) is also declining, replaced by smarter, risk-based decisions.
- Supervisory engagement is increasing, particularly through targeted inspections and thematic reviews.
💡 Takeaway: Fintechs that demonstrate robust governance, risk-based thinking, and proactive compliance will stand out — not just to regulators, but to investors and banking partners.
🔮 What’s Next: A Regulatory Framework That’s Getting Smarter
2024–2025 marks the transition to the new EU AML/CFT framework, including:
- The Anti-Money Laundering Regulation (AMLR), which will introduce:
- The Markets in Crypto Assets (MiCA) regulation and FTR, which will bring CASPs fully under EU supervision.
- The launch of the Anti-Money Laundering Authority (AMLA), which will coordinate supervision and enforce consistency.
🧭 How fintechs should prepare:
- Treat AML/CFT as strategic infrastructure, not a support function.
- Invest in explainable technology — not just automation, but traceability.
- Build internal expertise in RegTech and AI — not everything can be outsourced.
- Map your risk exposure across partners, services, and geographies.
- Align now with EBA guidance — don’t wait for enforcement.
💬 Compliance as a Competitive Advantage
Too often, compliance is seen as a blocker to growth. The EBA’s report shows it’s the opposite — compliance gaps are growth killers. In today’s environment, the fastest-growing fintechs are also those that can demonstrate robust controls, clear data lineage, and responsible innovation.
Let’s not forget: trust is the ultimate currency in finance. And trust is built by being prepared, transparent, and ahead of the curve.